Aon is looking for a Security Engineer.
As part of an industry-leading team, you will help empower results for our clients by delivering innovative and effective solutions supporting the Proactive Testing Services team.
Your impact as a Security Engineer
The Proactive Testing team is looking for smart, energetic and motivated individuals to add to its New York City and Charlotte, NC teams. As a Security Engineer you will be performing the following services:
Web and mobile application penetration testing.
Application source code review.
Network penetration testing (external & internal), to include vulnerability exploitation and pivoting to gain remote system access.
Documenting technical issues identified during security assessments.
Secure Development Lifecycle consultancy and advisory.
Vulnerability research and exploit development.
We provide a challenging and exciting work environment that offers a healthy combination of autonomy and senior level support. Our team publishes books and security blogs, contributes to open source software projects, and are engaged in a variety of continuous security research projects. If you enjoy performing deep technical work in a fun and casual atmosphere, contact us to find out more about joining our team.
You Bring Knowledge and Expertise
The following are expected from potential applicants:
2+ years of experience with penetration testing against web and mobile application layer platforms, above and beyond running automated tools.
1-2 years of experience with network/infrastructure penetration testing.
Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java.
Familiarity with application layer assessment tools, such as local proxies and fuzzers.
Familiarity with threat modeling and security design review methodologies.
A good understanding of Unix, Windows and network security skills.
Ability to work both independently and perform as a leader in a team environment.
Ability to work remotely as part of a distributed team and travel to client sites when required.
Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences.
The following skills are not required from applicants but would be considered a plus:
Degree in Computer Science, Information Systems, Engineering or related major.
Experience working as part of an enterprise development team.
Experience developing custom scripts or tools used for vulnerability scanning and identification.
Experience with client/server thick client penetration testing.
A good understanding of cryptography fundamentals.
Produced public facing research and/or delivered presentations at well known industry security conferences.
We offer you
A competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.
Our Colleague Experience:
From helping clients gain access to capital after natural disasters, to creating access to health care and retirement for millions, Aon colleagues empower results for our clients, communities, and each other every day. They make a difference, work with the best, own their potential, and value one another. This is the Aon Colleague Experience, defining what it means to work at Aon and realizing our vision of empowering human and economic possibility. To learn more visit Aon Colleague Experience.
Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.
Aon provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, or domestic partner status. Aon is committed to a diverse workforce and is an affirmative action employer.
DISCLAIMER: Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.