Senior Consultant, Security Testing

Aon Corporation Los Angeles, CA 90009

Posted 2 months ago

Aon is looking for a Senior Consultant.

As part of an industry-leading team, you will help empower results for our clients by delivering innovative and effective solutions supporting the Proactive Testing Services team.

Your impact as a Senior Consultant

Job Responsibilities:

The Proactive Testing team is looking for smart, energetic and motivated individuals to add to its New York City, Charlotte, NC and Dallas teams. As a Senior Consultant, you will be performing the following services:

  • Web and mobile application penetration testing.

  • Application source code review.

  • Network penetration testing (external & internal), to include vulnerability exploitation and pivoting to gain remote system access.

  • Documenting technical issues identified during security assessments.

  • Secure Development Lifecycle consultancy and advisory.

  • Vulnerability research and exploit development.

We provide a challenging and exciting work environment that offers a healthy combination of autonomy and senior-level support. Our team publishes books and security blogs, contributes to open source software projects, and is engaged in a variety of continuous security research projects. If you enjoy performing deep technical work in a fun and casual atmosphere, contact us to find out more about joining our team.

You Bring Knowledge and Expertise

Required Experience:

The following are expected from potential applicants:

  • 3+ years of experience with penetration testing against web and mobile application layer platforms, above and beyond running automated tools.

  • 1-2 years of experience with network/infrastructure penetration testing.

  • Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java.

  • Familiarity with application layer assessment tools, such as local proxies and fuzzers.

  • Familiarity with threat modeling and security design review methodologies.

  • A good understanding of Unix, Windows and network security.

  • Ability both to work independently and to perform as a leader in a team environment.

  • Ability to work remotely as part of a distributed team and travel to client sites when required.

  • Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences.

Preferred Experience:

The following skills are not required from applicants but would be considered a plus:

  • Degree in Computer Science, Information Systems, Engineering or related major.

  • Experience working as part of an enterprise development team.

  • Experience developing custom scripts or tools used for vulnerability scanning and identification.

  • Experience with client/server thick client penetration testing.

  • A good understanding of cryptography fundamentals.

  • Produced public-facing research and/or delivered presentations at well-known industry security conferences.

Education:

  • Bachelor's degree or equivalent years of industry experience.

We offer you

A competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.

Our Colleague Experience:

From helping clients gain access to capital after natural disasters, to creating access to health care and retirement for millions, Aon colleagues empower results for our clients, communities, and each other every day. They make a difference, work with the best, own their potential, and value one another. This is the Aon Colleague Experience, defining what it means to work at Aon and realizing our vision of empowering human and economic possibility. To learn more visit Aon Colleague Experience.

About Aon:

Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.

By applying for a position with Aon, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Aon's employment policies. Background checks may include some or all of the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, fingerprint verification, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position.

Aon provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, or domestic partner status. Aon is committed to a diverse workforce and is an affirmative action employer.

DISCLAIMER:

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.
2468317

