The Proactive Security Testing team is looking for motivated individuals to add to its team. We provide a challenging and exciting work environment that offers a healthy combination of autonomy and senior level support. Our team publishes books and security blogs, delivers conference talks, contributes to open-source software projects, and are engaged in a variety of continuous security research projects.

Aon is in the business of better decisions.

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.

What the day will look like

As a Principal Application Security Tester (termed internally as a “Security Testing Manager”) , you will serve as a senior member of the penetration testing team. In addition, the person in the role will do the following:

• Conduct complex hybrid web application security assessments, involving code review and dynamic application testing applying a combination of static and dynamic source code analysis techniques.

• Write test harnesses to help identify and proof-of-concept potential security vulnerabilities.

• Clearly communicate vulnerabilities to client development teams during and post-assessment.

• Document technical issues identified during security assessments, outlining the associated risks for clients, and providing tailored recommendations for remediation.

• Assist colleagues in pre-sales scoping activities for penetration testing engagements.

• Offer technical mentorship and career development guidance to junior engineers within the organization.

• Engage in vulnerability research to produce blog posts, conference talks, whitepapers, etc.

• Contribute to internal business operations by participating in and suggesting process improvements.

• Develop, update, and improve internal tooling used for reporting and penetration testing.

• Partner with the team in the recruitment of new penetration testing talent including reviewing resumes and conducting interviews.

  How this opportunity is different

  As a principal application security penetration tester, you will work on a wide variety of projects, from small-scale assessments to large-scale engagements with major clients.

  We offer a collaborative and innovative work environment that encourages creativity and cultivates professional growth. You will have access to a wide range of resources, including training, development programs, and mentorship from experienced experts.

  Skills and experience that will lead to success.

• 4+ years of hands-on penetration testing and/or bug bounty experience.

• Some expertise in development and/or source code review, focusing on languages such as Java, C#, C/C++, PHP, Ruby, Python, Go, Swift, Objective C/C++, Kotlin, etc.

• Up to date experience with testing techniques and tooling, such as Burp Suite and other fuzzers/proxies.

• Up to date experience with code review scanning tools, such as Fortify, Semgrep, etc.

• Deep knowledge of common software vulnerabilities, such as those described in the OWASP Top 10 and CWE/SANS Top 25.

• Possesses a solid grasp of Unix, Windows, and network security.

• Ability to work remotely as part of a distributed team and travel to client sites when required.

• Excellent communication skills (written & verbal) in English, to present complex technical topics concisely to both technical and business audiences.

  These skills/experiences are a plus:

• Experience at an existing consulting firm as a penetration tester

• Experience performing hands-on mobile application penetration testing on iOS and/or Android platforms.

• Experience with Bug Bounties, reporting critical/high risk issues to programs.

• Degree in Computer Science, Information Systems, Engineering or related major and/or equivalent experience.

• Reputable security certifications, including but not limited to: OSCP, OSWE, GWAPT, OSEE OSCE/OSED, GPEN, GXPN, BSCP

• Produced public facing research and/or delivered presentations at well-known industry security conferences.

  How we support our colleagues

  In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognize that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working!

  Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

  Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.

  Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. People with criminal histories are encouraged to apply.

  We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com

  For positions in San Francisco and Los Angeles, we will consider for employment qualified applicants with arrest and conviction record in accordance with local Fair Chance ordinances.

  Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

  Pay Transparency Laws:

  The salary range for this position (intended for U.S. applicants) is $130,000 - $180,000 annually. The actual salary will vary based on applicant’s education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant’s geographic location.

  This position is eligible to participate in one of Aon’s annual incentive plans to receive an annual discretionary bonus in addition to base salary. The amount of any bonus varies and is subject to the terms and conditions of the applicable incentive plan.

  LI-KH1

  2537783

  The Proactive Security Testing team is looking for motivated individuals to add to its team. We provide a challenging and exciting work environment that offers a healthy combination of autonomy and senior level support. Our team publishes books and security blogs, delivers conference talks, contributes to open-source software projects, and are engaged in a variety of continuous security research projects.

  Aon is in the business of better decisions.

  At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.

  What the day will look like

  As a Principal Application Security Tester (termed internally as a “Security Testing Manager”) , you will serve as a senior member of the penetration testing team. In addition, the person in the role will do the following:

• Conduct complex hybrid web application security assessments, involving code review and dynamic application testing applying a combination of static and dynamic source code analysis techniques.

• Write test harnesses to help identify and proof-of-concept potential security vulnerabilities.

• Clearly communicate vulnerabilities to client development teams during and post-assessment.

• Document technical issues identified during security assessments, outlining the associated risks for clients, and providing tailored recommendations for remediation.

• Assist colleagues in pre-sales scoping activities for penetration testing engagements.

• Offer technical mentorship and career development guidance to junior engineers within the organization.

• Engage in vulnerability research to produce blog posts, conference talks, whitepapers, etc.

• Contribute to internal business operations by participating in and suggesting process improvements.

• Develop, update, and improve internal tooling used for reporting and penetration testing.

• Partner with the team in the recruitment of new penetration testing talent including reviewing resumes and conducting interviews.

  How this opportunity is different

  As a principal application security penetration tester, you will work on a wide variety of projects, from small-scale assessments to large-scale engagements with major clients.

  We offer a collaborative and innovative work environment that encourages creativity and cultivates professional growth. You will have access to a wide range of resources, including training, development programs, and mentorship from experienced experts.

  Skills and experience that will lead to success.

• 4+ years of hands-on penetration testing and/or bug bounty experience.

• Some expertise in development and/or source code review, focusing on languages such as Java, C#, C/C++, PHP, Ruby, Python, Go, Swift, Objective C/C++, Kotlin, etc.

• Up to date experience with testing techniques and tooling, such as Burp Suite and other fuzzers/proxies.

• Up to date experience with code review scanning tools, such as Fortify, Semgrep, etc.

• Deep knowledge of common software vulnerabilities, such as those described in the OWASP Top 10 and CWE/SANS Top 25.

• Possesses a solid grasp of Unix, Windows, and network security.

• Ability to work remotely as part of a distributed team and travel to client sites when required.

• Excellent communication skills (written & verbal) in English, to present complex technical topics concisely to both technical and business audiences.

  These skills/experiences are a plus:

• Experience at an existing consulting firm as a penetration tester

• Experience performing hands-on mobile application penetration testing on iOS and/or Android platforms.

• Experience with Bug Bounties, reporting critical/high risk issues to programs.

• Degree in Computer Science, Information Systems, Engineering or related major and/or equivalent experience.

• Reputable security certifications, including but not limited to: OSCP, OSWE, GWAPT, OSEE OSCE/OSED, GPEN, GXPN, BSCP

• Produced public facing research and/or delivered presentations at well-known industry security conferences.

  How we support our colleagues

  In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognize that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working!

  Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

  Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.

  Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. People with criminal histories are encouraged to apply.

  We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com

  For positions in San Francisco and Los Angeles, we will consider for employment qualified applicants with arrest and conviction record in accordance with local Fair Chance ordinances.

  Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

  Pay Transparency Laws:

  The salary range for this position (intended for U.S. applicants) is $130,000 - $180,000 annually. The actual salary will vary based on applicant’s education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant’s geographic location.

  This position is eligible to participate in one of Aon’s annual incentive plans to receive an annual discretionary bonus in addition to base salary. The amount of any bonus varies and is subject to the terms and conditions of the applicable incentive plan.

  LI-KH1