We are currently looking for a highly skilled and experienced Director to build, lead, and grow our Hardware Security service line!
We want technical people leading technical people. This pivotal role involves building a new service line from the ground up, structuring / shaping the client offering, developing methodologies, leading a team of penetration testers, actively collaborating with clients and internal sales teams in the pursuit of new opportunities to grow the service line, and publishing research. The ideal candidate will possess a deep hands-on understanding of hardware and embedded system security, along with strong leadership and project management skills, with the ability to perform hands-on testing and provide detailed mentorship whenever necessary.
Do you possess extensive knowledge in hardware penetration testing, reverse engineering, low-level programming, code review, and fuzzing techniques? Aon is in the business of better decisions.
At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.
Join our Aon group, which is a leading provider of specialty insurance solutions and programs offered to professional, small & medium enterprise and consumer markets. What the day will look like
Develop and implement a strategic plan for the hardware and embedded penetration test service line, including helping to define the service offering.
Lead the development of internal methodologies, checklists, and marketing collateral to support the growth of the hardware penetration testing and reverse engineering service line.
Work closely with Business Development teams and new prospective customers to close new deals.
Build statement of work / proposals for clients that define scope of work, duration, deliverables, and pricing.
Oversee technical delivery of engagements relating to the business. Provide quality assurance and technical review of client work and internal documentation.
Work alongside various internal teams (e.g., operations, finance, delivery, technical) to ensure overall success of client engagement. Form a team of hardware and embedded penetration testers through recruiting and mentorship.
Cross-train team members within the practice. How this opportunity is different
As the leader of the hardware and reversing team, you will play a key role in driving our team’s success and design the future of our hardware security practice. This is an opportunity to work on a wide variety of projects, from small-scale assessments to large-scale engagements with major clients.
We offer a collaborative and innovative work environment that encourages creativity and cultivates professional growth. You will have access to a wide range of resources, including training, development programs, and mentorship from experienced experts. Skills and experience that will lead to success. Three or more years of demonstrated ability with business development, scoping, and client/project management. 10+ years of relevant professional experience performing hardware/embedded security assessments. Experience leading a technical team and collaborating with clients. Strong programming and code review skills in C/C++ and ASM. Experience cross compiling and working in various toolchains. Proficiency reverse engineering firmware Deep understanding of wireless protocols (e.g., Bluetooth, Zigbee) Hands-on experience with JTAG, SWD, UART, I2C, and SPI protocols and expertise in using related tooling. Experience soldering to remove flash chips, attaching test leads, etc. Experience extracting and analyzing firmware from hardware devices. Experience flashing custom firmware. Familiarity with QEMU, unicorn and/or other applications for emulating devices, firmware, and binaries. Experience with methods of tamper-proofing and potential circumvention methods Proficiency in writing custom tooling, as well as working with industry standard applications (e.g., IDA Pro/Ghidra and various debuggers) Knowledge of modern exploitation techniques, including heap shaping and familiarity with other attacks such as side-channel, fault-injection, etc. Familiarity with fuzzing, instrumenting binaries and writing fuzzing harnesses to identify vulnerabilities via custom tooling and/or AFL, libfuzzer, etc. Understanding of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, and secure data storage These skills/experiences are a plus:
Expertise in side-channel attacks, power analysis, clock glitching, CPLD/FPGA, and RF analysis.
Familiarity with embedded device architectures such as ARM, MIPS, PowerPC, x86, etc. RISC-V and microcontroller experience is a plus.
Sophisticated proficiency in Web Application, Mobile application, and Network penetration testing
Public / published research and/or CVEs related to hardware and embedded device security testing, embedded device, and hardware / security architecture design review.
Industry leading certifications (e.g., OSCE/OSED, OSEE, GIAC GREM, eCRE, CREA, etc.) How we support our colleagues
In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognize that flexibility goes beyond just the place of work… and we are all for it. We call this Smart Working!
Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.
Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.
Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. People with criminal histories are encouraged to apply.
We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com
For positions in San Francisco and Los Angeles, we will consider for employment qualified applicants with arrest and conviction record in accordance with local Fair Chance ordinances.
Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time. Pay Transparency Laws:
The target salary range for this position is $180,000. To $200,000. annually. The actual salary will vary based on applicant’s education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant’s geographic location.
This position is eligible to participate in one of Aon’s annual incentive plans. The amount of the incentive varies and is subject to the terms and conditions of the applicable incentive plan.
Aon offers a comprehensive package of benefits for full-time and regular part-time colleagues, including, but not limited to: a 401(k) savings plan with employer contributions; an employee stock purchase plan; consideration for long-term incentive awards at Aon’s discretion; medical, dental and vision insurance, various types of leaves of absence, paid time off, including 12 paid holidays throughout the calendar year, 15 days of paid vacation per year, paid sick leave as provided under state and local paid sick leave laws, short-term disability and optional long-term disability, health savings account, health care and dependent care reimbursement accounts, employee and dependent life insurance and supplemental life and AD&D insurance; optional personal insurance policies, adoption assistance, tuition assistance, commuter benefits, and an employee assistance program that includes free counseling sessions. Eligibility for benefits is governed by the applicable plan documents and policies.

LI-KH1

254415

Please refer the Job description for details