Cyber Security Advisory Consulting Sr. Consultant

2 days ago


New York, United States Aon Full time

Aon is looking for a Cyber Security Advisory Consulting Sr. Consultant – Defense and Transformation

This Defense and Transformation service line Sr. Consultant role will be part of a cross-functional Proactive Security Services team that leads, completes, and delivers various Security Advisory engagements for our clients.

Aon’s Cyber Security Advisory Consulting is a client-facing management consulting function. Our Proactive Advisory teams, within this business unit, specialize in the development and implementation of customized cybersecurity solutions for clients, in fee-for-service projects to mitigate risks and prepare companies in advance of a cyber incident. Our Advisory service lines include Cybersecurity Organizational Design and Strategy; Risk and Compliance; Defense and Transformation; Resilience; Data Security and Privacy; and M&A/Private Equity.

As part of these service areas and within a shared resource model, your day-to-day contributions are focused on translating clients’ cybersecurity requirements and customizing and implementing security solutions into specific guidance and insights to inform strategies, operations, and tactics. Your delivery objective will be to identify and develop the security solutions for clients using your current knowledge base and interpersonal skills along with our company products and technical tools to minimize security vulnerabilities and maximize the effectiveness of appropriate security controls.

These project-based initiatives can involve working at customer sites, working from an Aon office, or working remotely / from home. Performance is typically measured by utilization (i.e., billable hours), role-based metrics, and the successful delivery of agreed solutions within budgeted hours. The location is flexible.

Your impact as a Cyber Security Advisory Consulting Sr. Consultant

Job Responsibilities:

This role will be part of a multi-functional Proactive Security Services team that leads, carries out, and delivers various Security Advisory engagements for our clients. The responsibilities of this position include but are not limited to the following:

  • Support delivery teams that conduct enterprise-level technical security assessments for various clients.
  • Perform blue teaming / purple teaming and technical security assessments against on-premise and public/hybrid/private cloud environments.
  • Conduct Breach and Attack Simulations against client environments to gauge effectiveness of security controls and provide improvement recommendations.
  • Enhance and scale traditional defensive security programs for clients against ransomware, APT, and insider threat scenarios.
  • Assess IT network and security architectures in line with industry standard processes and frameworks.
  • Perform document reviews, analyse artifacts and conduct interviews with client security and technology personnel as part of security assessments.
  • Perform hands-on analysis as needed, such as control / configuration review of client technology and security stack using automated and manual methods.
  • Develop client security programs by reviewing existing capabilities; conducting comprehensive reviews of threats; evaluating and analyzing relevant data points.
  • Recommend strategies to defend against threats such as ransomware, nation-state attacks, and insider threat.
  • Support engagement lead and team members during client engagement execution, ensuring timely progress, achievement of objectives, and delivery quality.
  • Contribute to maturing team competence and capabilities by improving delivery processes; mentoring team members and finding opportunities for new service offerings.

You Bring Knowledge and Expertise

Required Experience:

  • Strong technical fundamentals in either Security Operations, DevSecOps, Red Teaming or Blue Teaming
  • Professional experience in both offensive and defensive information security fields
  • 2+ years substantive experience in a technical cyber security role (offensive and/or defensive)
  • 2+ years substantive experience with two or more of the following over the course of career:
      • Building and/or maintaining attack simulation and C2 infrastructure
      • Driving technical security assessments and attack surface analysis against on-premise and public/hybrid/private cloud environments
      • Performing blue teaming/purple teaming, technical security assessments or penetration tests against on-premise and public/hybrid/private cloud environments
      • Building and/or maintaining security operations program for large and complex environments
      • Hands-on experience red teaming/blue teaming for large complex environments
      • Providing security advisory services related to secure design and architecture, ransomware defenses, or post-breach remediation
  • The ideal candidate would have 3+ years in progressively sophisticated roles in information security consulting, coupled with demonstrable experience in various cybersecurity domains, including security engineering, security operations, security architecture, cloud security and/or blue teaming/red teaming.
  • Familiarity with cybersecurity frameworks and standards such as NIST CSF, MITRE ATT&CK and CIS Critical Security Controls.
  • Strong oral and written communications skills. A demonstrated ability to write clear, coherent and precise reports on a multiplicity of complex technical issues is essential.

Preferred Experience:

  • Recent consulting experience with a mid to large size consulting firm/practice preferred.
  • Security certifications (CISSP, GIAC, OSCP, AWS/Azure/GCP) a plus.
  • Experience working on cloud security teams, security operations teams, blue team / purple team engagements, ransomware defensive strategies would be a plus.

Education:

  • Bachelor’s degree in computer science, information technology, or equivalent work experience.

How we support our colleagues

In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognize that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working.

Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.

Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status.

We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

The salary range for this position (intended for U.S. applicants) is $115,000 to $140,000 annually. The actual salary will vary based on applicant’s education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant’s geographic location.

This position is eligible to participate in one of Aon’s annual incentive plans to receive an annual discretionary bonus in addition to base salary. The amount of any bonus varies and is subject to the terms and conditions of the applicable incentive plan.

Aon offers a comprehensive package of benefits for full-time and regular part-time colleagues, including, but not limited to: a 401(k) savings plan with employer contributions; an employee stock purchase plan; consideration for long-term incentive awards at Aon’s discretion; medical, dental and vision insurance, various types of leaves of absence, paid time off, including 12 paid holidays throughout the calendar year, 15 days of paid vacation per year, paid sick leave as provided under state and local paid sick leave laws, short-term disability and optional long-term disability, health savings account, health care and dependent care reimbursement accounts, employee and dependent life insurance and supplemental life and AD&D insurance; optional personal insurance policies, adoption assistance, tuition assistance, commuter benefits, and an employee assistance program that includes free counseling sessions. Eligibility for benefits is governed by the applicable plan documents and policies.

2548017


