Job Information
Aon Proactive Security Testing Director in Seattle, Washington
The Proactive Security Testing practice, formerly Gotham Digital Science (GDS), is looking for a motivated individual with natural leadership abilities to provide guidance to its best-in-class team of penetration testers. We want technical people leading technical people. We are looking for an individual that can use their previous penetration testing experience. Work with multiple teams to help win and be responsible for the delivery of client engagements. Mentor junior penetration testers! What the day will look like Assist with managing several large enterprise client accounts. Collaborate with internal Business Development teams to understand and define penetration testing needs of new prospective customers. Create statement of work / proposals for clients that define scope of work, duration, deliverables, and pricing. Coordinate technical delivery of closed won engagements across a variety of disciplines including web application, security code review, mobile security, external/internal network security, social engineering, and red team engagements. Work with penetration testers to ensure execution of scope and thorough coverage. Provide quality assurance and technical review of client work and internal documentation. Work alongside various internal teams (e.g., operations, finance, delivery, technical) to ensure overall success of client engagement. Mentor junior security testing team members, including internal career development/planning and promotion paths. Assist with business operations including service line development and process improvements. Skills and Experience that will lead to success. 2+ years of experience with business development, scoping, and client/project management 5+ years of prior experience with penetration testing against web applications and/or external/internal network infrastructure-running automated beyond tools Ability to quickly understand a client's business and their associated cases to effectively articulate a security strategy aligned to their organization. Experience writing technical reports, as well as performing quality assurance and technical review. Familiarity with application layer assessment tools, such as Burp Suite and other fuzzers/proxies, and/or nmap, Nessus, etc. Understanding of Unix, Windows, and basic networking Ability to work remotely as part of a distributed team and travel to client sites only in rare circumstances --- **Current travel is HIGHLY limited. Strong organizational skills with the ability to prioritize tasks and lead time efficiently. Superb communication in English (both written and oral); able to concisely communicate security risks to both technical and business audiences. The following skills are not required from applicants but would be considered a plus: Reputable security certifications, including but not limited to: OSCP, OSCE, OSWE, OSEE, OSWP, GPEN, GXPN, CMWAPT Experience working at a reputable penetration testing company. Engaged in industry thought leadership activities, such as conference talks and/or published research via whitepapers, security blogs, etc. Experience leading a team focused on software development, network administration or security assessments. Experience developing custom scripts or tools used for vulnerability scanning and identification. Development and/or source code review experience in Java, C#, C/C++, PHP, Ruby, Python, Go, Swift, Objective C/C++, Kotlin, etc. How we support our colleagues In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two "Global Wellbeing Days" each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions