Principal Hardware Security Consultant

The Proactive Security Testing team seeks intelligent, energetic, and motivated professionals to join its ranks. We offer a challenging and dynamic environment that balances autonomy with senior-level support. Our team engages in publishing books and blogs, delivering conference talks, contributing to open-source projects, and pursuing ongoing security research.

Aon is in the business of better decisions.

At Aon, we aim to make better decisions to protect and enrich lives worldwide. We foster a culture of trust, inclusivity, and diversity, and are dedicated to the success of our colleagues and clients.

As a Principal Hardware Security Consultant (also known as a “Product Security Testing Manager”), you will be a senior member of the hardware testing team. Your responsibilities will include:

• Conducting penetration testing to evaluate product security across various sectors.
• Performing complex security assessments involving hardware, firmware, and code reviews.
• Creating test harnesses to identify and demonstrate security vulnerabilities.
• Communicating vulnerabilities effectively to client development teams during and after assessments.
• Documenting technical issues, outlining risks, and providing remediation recommendations.
• Assisting in pre-sales activities for penetration testing engagements.
• Mentoring junior engineers and guiding their career development.
• Engaging in vulnerability research and sharing findings through blogs, talks, and papers.
• Improving internal processes and tooling for security testing.
• Participating in recruitment efforts, including resume reviews and interviews.

Note: We do not sponsor visas for this role.

• At least 5 years of hands-on hardware/product security testing or bug bounty experience, especially in IoT/Mobile products.

• Experience with reverse engineering hardware components (JTAG, SPI, UART, PCB analysis).
• Proficiency with oscilloscopes, logic analyzers, and debuggers.
• Ability to identify and exploit embedded system vulnerabilities.
• Deep knowledge of microcontroller architectures (ARM, RISC-V, MIPS, x86).
• Understanding of hardware root of trust mechanisms and secure key storage.
• Skills in low-level programming languages (C, C++, Assembly).
• Experience with scripting languages like Python or Ruby.
• Expertise in firmware analysis, bootloaders, secure boot, and firmware vulnerabilities.
• Familiarity with firmware extraction techniques.

• Experience analyzing firmware with tools like Ghidra or IDA Pro.
• Ability to find vulnerabilities related to memory management, encryption, and authentication.
• Skills in firmware unpacking, bypassing secure boot, and firmware modification.
• Knowledge of OTA update mechanisms, TEE, and related vulnerabilities.

• Experience at a consulting firm or internal security team.
• Exploit development and reverse engineering expertise.
• Relevant degree or equivalent experience.
• Research publications or conference presentations.
• Experience with advanced attack techniques and supply chain security.
• Understanding of secure hardware design principles.

We promote an inclusive, flexible, and supportive work environment, emphasizing wellbeing, continuous learning, and diversity. Our benefits include Wellbeing Days, professional growth opportunities, and a comprehensive benefits package.

We are an equal opportunity employer and value diversity. We encourage applications from all qualified individuals, including those with disabilities. For accommodations, contact ReasonableAccommodations@Aon.com.

This role is subject to local fair chance laws for applicants with criminal histories.

Note: Management may assign or reassign duties at any time.

The annual salary range is $130,000 - $180,000, dependent on experience, education, location, and internal equity. Benefits include retirement plans, insurance, paid time off, and various employee programs.