Remote New

Principal Hardware Security Consultant

Aon
$130,000.00 - $180,000.00 / yr
life insurance, vision insurance, paid time off, paid holidays, sick time, tuition assistance, 401(k)
United States, Texas
Apr 29, 2025
Aon is looking for a Principal Hardware Security Consultant

The Proactive Security Testing team is looking for smart, energetic, and motivated individuals to add to its team. We provide a challenging and exciting work environment that offers a healthy combination of autonomy and senior level support! Our team publishes books and security blogs, delivers conference talks, contributes to open-source software projects, and is engaged in a variety of continuous security research projects.

Aon is in the business of better decisions.

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.

What the day will look like.

As a Principal Hardware Security Consultant (termed internally as a "Product Security Testing Manager"), you will serve as a senior member of the hardware testing team. In addition, the person in the role will do the following:

  • Perform penetration testing activities focused on assessing the security of products across a variety of verticals.
  • Conduct complex product security assessments, involving hardware, firmware, and code review.
  • Create test harnesses to help identify potential security vulnerabilities and build proofs of concept for them.
  • Clearly communicate vulnerabilities to client development teams during and post-assessment.
  • Document technical issues identified during security assessments, outlining the associated risks for clients, and providing tailored recommendations for remediation.
  • Assist colleagues in pre-sales scoping activities for penetration testing engagements.
  • Offer technical mentorship and career development guidance to junior engineers within the organization.
  • Engage in vulnerability research to produce blog posts, conference talks, whitepapers, etc.
  • Contribute to internal business operations by participating in and suggesting process improvements.
  • Develop, update, and improve internal tooling used for reporting and penetration testing.
  • Partner with the team in the recruitment of new penetration testing talent including reviewing resumes and conducting interviews.

We do not offer visa sponsorship for this role.

Skills and experience that will lead to success.
  • 5+ years of hands-on hardware/product security testing and/or demonstrated bug bounty experience (CVEs) against IoT/Mobile products, above and beyond running automated tools.
Hardware Security
  • Strong experience in reverse engineering hardware (e.g., JTAG, SPI, UART, PCB analysis, etc.).
  • Proficient in using tools like oscilloscopes, logic analyzers, and hardware debuggers.
  • Expertise in identifying and exploiting vulnerabilities in embedded systems.
  • Advanced knowledge of microcontroller/microprocessor architectures (ARM, RISC-V, MIPS, x86, etc.).
  • Understanding of hardware root of trust (RoT) mechanisms and secure key storage methods.
  • Proficiency in low-level programming languages like C, C++, and Assembly.
  • Experience with scripting languages like Python or Ruby for custom tooling and automation.
  • Proficiency in analyzing and identifying vulnerabilities in bootloaders, secure boot implementations, and firmware images.
  • Familiarity with firmware extraction methods (e.g., JTAG, SPI dumps, or NAND/eMMC/UFS removal and reading).
Firmware Security
  • Experience with static and dynamic analysis of firmware binaries, and with reverse engineering firmware using tools like Ghidra, IDA Pro, etc.
  • Ability to identify vulnerabilities in memory management (e.g., buffer overflows, heap corruption, use-after-free) within firmware.
  • Expertise in analyzing encryption and authentication mechanisms in firmware.
  • Firmware unpacking and identifying common compression algorithms.
  • Skilled in bypassing secure boot protections and verifying signature validation issues.
  • Experience with patching or modifying firmware to alter functionality.
  • Proficient in detecting and exploiting misconfigurations in firmware-based access controls or privilege escalations.
  • Familiarity with common firmware update mechanisms and their potential weaknesses.
  • Expertise in analyzing IoT/embedded firmware for vulnerabilities in OTA (Over-the-Air) update mechanisms.
  • Knowledge of Trusted Execution Environment (TEE) and associated vulnerabilities (ARM TrustZone, OP-TEE, etc.).
These skills/experiences are a plus:
  • Experience at an established consulting firm as a hardware security consultant or product security pentester on an internal team
  • Experience with exploit development and reverse engineering
  • Degree in Computer Science, Information Systems, Engineering or related major and/or equivalent experience.
  • Produced public-facing research and/or delivered presentations at well-known industry security conferences.
  • Expertise in identifying and exploiting high-level vulnerabilities in embedded systems (e.g., fault injection, side-channel analysis, glitching attacks).
  • Understanding of supply chain risks and methods for detecting hardware implants or counterfeit components.
  • Knowledge of secure hardware design principles to assess vulnerabilities in design architecture.
  • Knowledge of Trusted Execution Environment (TEE) and associated vulnerabilities (ARM TrustZone, OP-TEE, etc.)
How we support our colleagues

In addition to our comprehensive benefits package, we encourage an inclusive workforce. Plus, our agile environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two "Global Wellbeing Days" each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions for our colleagues as well.

Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

Aon values an innovative and inclusive workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.

Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. People with criminal histories are encouraged to apply.

We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application and interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com.

For positions in San Francisco and Los Angeles, we will consider for employment qualified applicants with arrest and conviction records in accordance with local Fair Chance ordinances.

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

Pay Transparency Laws:

The salary range for this position (intended for U.S. applicants) is $130,000 - $180,000 annually. The actual salary will vary based on applicant's education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant's geographic location.

Aon offers a comprehensive package of benefits for full-time and regular part-time colleagues, including, but not limited to: a 401(k) savings plan with employer contributions; an employee stock purchase plan; consideration for long-term incentive awards at Aon's discretion; medical, dental and vision insurance, various types of leaves of absence, paid time off, including 12 paid holidays throughout the calendar year, 15 days of paid vacation per year, paid sick leave as provided under state and local paid sick leave laws, short-term disability and optional long-term disability, health savings account, health care and dependent care reimbursement accounts, employee and dependent life insurance and supplemental life and AD&D insurance; optional personal insurance policies, adoption assistance, tuition assistance, commuter benefits, and an employee assistance program that includes free counseling sessions. Eligibility for benefits is governed by the applicable plan documents and policies.

#LI-KH1 2548119