Director of Hardware Security
Company: Aon Hewitt
Location: New York
Posted on: October 14, 2024
Job Description:
We are currently looking for a highly skilled and experienced
Director to build, lead, and grow our Hardware Security service
line! We want technical people leading technical people. This
pivotal role involves building a new service line from the ground
up, structuring / shaping the client offering, developing
methodologies, leading a team of penetration testers, actively
collaborating with clients and internal sales teams in the pursuit
of new opportunities to grow the service line, and publishing
research. The ideal candidate will possess a deep hands-on
understanding of hardware and embedded system security, along with
strong leadership and project management skills, with the ability
to perform hands-on testing and provide detailed mentorship
whenever necessary.
Do you possess extensive knowledge in hardware
penetration testing, reverse engineering, low-level programming,
code review, and fuzzing techniques?
Aon is in the business of better decisions.
At Aon, we shape decisions for the better to
protect and enrich the lives of people around the world. As an
organization, we are united through trust as one inclusive, diverse
team, and we are passionate about helping our colleagues and
clients succeed.
Join our Aon group, which is a leading provider of
specialty insurance solutions and programs offered to professional,
small & medium enterprise and consumer markets.
What the day will look like
- Develop and implement a strategic plan for the hardware and
embedded penetration test service line, including helping to define
the service offering.
- Lead the development of internal methodologies, checklists, and
marketing collateral to support the growth of the hardware
penetration testing and reverse engineering service line.
- Work closely with Business Development teams and new
prospective customers to close new deals.
- Build statement of work / proposals for clients that define
scope of work, duration, deliverables, and pricing.
- Oversee technical delivery of engagements relating to the
business. Provide quality assurance and technical review of client
work and internal documentation.
- Work alongside various internal teams (e.g., operations,
finance, delivery, technical) to ensure overall success of client
engagement. Form a team of hardware and embedded penetration
testers through recruiting and mentorship.
- Cross-train team members within the practice.
How this opportunity is different
As the leader of the hardware and reversing
team, you will play a key role in driving our team's success and
design the future of our hardware security practice. This is an
opportunity to work on a wide variety of projects, from small-scale
assessments to large-scale engagements with major clients.
We offer a collaborative and innovative work environment that encourages
creativity and cultivates professional growth. You will have access
to a wide range of resources, including training, development
programs, and mentorship from experienced experts.
Skills and experience that will lead to success.
- Three or more years of demonstrated ability with business
development, scoping, and client/project management.
- 10+ years of relevant professional experience performing
hardware/embedded security assessments.
- Experience leading a technical team and collaborating with
clients.
- Strong programming and code review skills in C/C++ and ASM.
Experience cross compiling and working in various toolchains.
- Proficiency reverse engineering firmware.
- Deep understanding of wireless protocols (e.g., Bluetooth,
Zigbee).
- Hands-on experience with JTAG, SWD, UART, I2C, and SPI
protocols and expertise in using related tooling.
- Experience soldering to remove flash chips, attaching test
leads, etc. Experience extracting and analyzing firmware from
hardware devices. Experience flashing custom firmware.
- Familiarity with QEMU, unicorn and/or other applications for
emulating devices, firmware, and binaries. Experience with methods
of tamper-proofing and potential circumvention methods.
- Proficiency in writing custom tooling, as well as working with
industry standard applications (e.g., IDA Pro/Ghidra and various
debuggers).
- Knowledge of modern exploitation techniques, including heap
shaping and familiarity with other attacks such as side-channel,
fault-injection, etc.
- Familiarity with fuzzing, instrumenting binaries and writing
fuzzing harnesses to identify vulnerabilities via custom tooling
and/or AFL, libfuzzer, etc.
- Understanding of security-related topics, such as
authentication, entitlements, identity management, data protection,
data leakage prevention, validation checking, encryption, hashing,
principle of least privilege, software attack methodologies, secure
data transfer, and secure data storage.
These skills/experiences are a plus:
- Expertise in side-channel attacks, power analysis, clock
glitching, CPLD/FPGA, and RF analysis.
- Familiarity with embedded device architectures such as ARM,
MIPS, PowerPC, x86, etc. RISC-V and microcontroller experience is a
plus.
- Sophisticated proficiency in Web Application, Mobile
application, and Network penetration testing.
- Public / published research and/or CVEs related to hardware and
embedded device security testing, embedded device, and hardware /
security architecture design review.
- Industry leading certifications (e.g., OSCE/OSED, OSEE, GIAC
GREM, eCRE, CREA, etc.).
How we support our colleagues
In addition to
our comprehensive benefits package, we encourage a diverse
workforce. Plus, our agile, inclusive environment allows you to
manage your wellbeing and work/life balance, ensuring you can be
your best self at Aon. Furthermore, all colleagues enjoy two
"Global Wellbeing Days" each year, encouraging you to take time to
focus on yourself. We offer a variety of working style solutions,
but we also recognize that flexibility goes beyond just the place
of work... and we are all for it. We call this Smart Working!
Our
continuous learning culture inspires and equips you to learn, share
and grow, helping you achieve your fullest potential. As a result,
at Aon, you are more connected, more relevant, and more valued.
Aon
values an innovative, diverse workplace where all colleagues feel
empowered to be their authentic selves. Aon is proud to be an equal
opportunity workplace.
Aon provides equal employment opportunities
to all employees and applicants for employment without regard to
race, color, religion, creed, sex, sexual orientation, gender
identity, national origin, age, disability, veteran, marital,
domestic partner status, or other legally protected status. People
with criminal histories are encouraged to apply.
We welcome
applications from all and provide individuals with disabilities
with reasonable adjustments to participate in the job application,
interview process and to perform essential job functions once
onboard.
For positions in San Francisco and Los Angeles, we will
consider for employment qualified applicants with arrest and
conviction record in accordance with local Fair Chance
ordinances.
Nothing in this job description restricts management's
right to assign or reassign duties and responsibilities to this job
at any time.
Pay Transparency Laws:
The target salary range for this
position is $180,000 to $200,000 annually. The actual salary will
vary based on applicant's education, experience, skills, and
abilities, as well as internal equity and alignment with market
data. The salary may also be adjusted based on applicant's
geographic location.
This position is eligible to participate in one
of Aon's annual incentive plans. The amount of the incentive varies
and is subject to the terms and conditions of the applicable
incentive plan.
Aon offers a comprehensive package of benefits for
full-time and regular part-time colleagues, including, but not
limited to: a 401(k) savings plan with employer contributions; an
employee stock purchase plan; consideration for long-term incentive
awards at Aon's discretion; medical, dental and vision insurance,
various types of leaves of absence, paid time off, including 12
paid holidays throughout the calendar year, 15 days of paid
vacation per year, paid sick leave as provided under state and
local paid sick leave laws, short-term disability and optional
long-term disability, health savings account, health care and
dependent care reimbursement accounts, employee and dependent life
insurance and supplemental life and AD&D insurance; optional
personal insurance policies, adoption assistance, tuition
assistance, commuter benefits, and an employee assistance program
that includes free counseling sessions. Eligibility for benefits is
governed by the applicable plan documents and policies.
Keywords: Aon Hewitt, Philadelphia, Director of Hardware Security, Executive, New York, Pennsylvania