Aon · 3 days ago
Director of Hardware Security
Wonder how qualified you are to the job?
ConsultingProfessional Services
Insider Connection @Aon
Responsibilities
Develop and implement a strategic plan for the hardware and embedded penetration test service line, including helping to define the service offering.
Lead the development of internal methodologies, checklists, and marketing collateral to support the growth of the hardware penetration testing and reverse engineering service line.
Work closely with Business Development teams and new prospective customers to close new deals.
Build statement of work / proposals for clients that define scope of work, duration, deliverables, and pricing.
Oversee technical delivery of engagements relating to the business. Provide quality assurance and technical review of client work and internal documentation.
Work alongside various internal teams (e.g., operations, finance, delivery, technical) to ensure overall success of client engagement. Form a team of hardware and embedded penetration testers through recruiting and mentorship.
Cross-train team members within the practice.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Three or more years of demonstrated ability with business development, scoping, and client/project management.
10+ years of relevant professional experience performing hardware/embedded security assessments.
Experience leading a technical team and collaborating with clients.
Strong programming and code review skills in C/C++ and ASM. Experience cross compiling and working in various toolchains.
Proficiency reverse engineering firmware
Deep understanding of wireless protocols (e.g., Bluetooth, Zigbee)
Hands-on experience with JTAG, SWD, UART, I2C, and SPI protocols and expertise in using related tooling.
Experience soldering to remove flash chips, attaching test leads, etc. Experience extracting and analyzing firmware from hardware devices. Experience flashing custom firmware.
Familiarity with QEMU, unicorn and/or other applications for emulating devices, firmware, and binaries. Experience with methods of tamper-proofing and potential circumvention methods
Proficiency in writing custom tooling, as well as working with industry standard applications (e.g., IDA Pro/Ghidra and various debuggers)
Knowledge of modern exploitation techniques, including heap shaping and familiarity with other attacks such as side-channel, fault-injection, etc.
Familiarity with fuzzing, instrumenting binaries and writing fuzzing harnesses to identify vulnerabilities via custom tooling and/or AFL, libfuzzer, etc.
Understanding of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, and secure data storage
Preferred
Expertise in side-channel attacks, power analysis, clock glitching, CPLD/FPGA, and RF analysis.
Familiarity with embedded device architectures such as ARM, MIPS, PowerPC, x86, etc. RISC-V and microcontroller experience is a plus.
Sophisticated proficiency in Web Application, Mobile application, and Network penetration testing
Public / published research and/or CVEs related to hardware and embedded device security testing, embedded device, and hardware / security architecture design review.
Industry leading certifications (e.g., OSCE/OSED, OSEE, GIAC GREM, eCRE, CREA, etc.)
Benefits
401(k) savings plan with employer contributions
Employee stock purchase plan
Long-term incentive awards
Medical, dental, and vision insurance
Various types of leaves of absence
Paid time off, including 12 paid holidays throughout the calendar year
15 days of paid vacation per year
Paid sick leave
Short-term disability and optional long-term disability
Health savings account
Health care and dependent care reimbursement accounts
Employee and dependent life insurance
Supplemental life and AD&D insurance
Optional personal insurance policies
Adoption assistance
Tuition assistance
Commuter benefits
Employee assistance program with free counseling sessions
Company
Aon
Aon is a global provider of risk management, insurance and reinsurance brokerage, human resources solutions, and outsourcing services.
Funding
Current Stage
Public CompanyTotal Funding
$1.94BKey Investors
Citibank NABerkshire Hathaway
2023-10-24Post Ipo Debt· $1B
2021-05-17Post Ipo Equity· $942.6M
1982-09-17IPO· nyse:AON
Recent News
2024-06-05
Canada NewsWire
2024-06-04
bloomberglaw.com
2024-06-01
Company data provided by crunchbase