Application Security Manager, Technical

Job Description

Posting Description

Aon is Looking for a Manager, Application Security

As part of an industry-leading team, you will help empower results for our clients by delivering innovative and effective solutions as part of our Cyber Application Security part of Global Security Services business group within Aon Services Corporation, in Chicago, IL. As a Manager, Application Security, you will report directly to the Leader of the Application Security function for Aon globally. This is an ideal role for a Senior Application Security Engineer with hands-on experience who would like to move to the next level!

Your Impact as a Manager, Application Security

Aon is working towards maturing its Application Security services by integrating security early in software development lifecycle. You will be part of building the strategies and roadmap for Threat Modeling, developing security libraries & frameworks, integrating security with CI/CD pipelines, adding control gates, driving remediation and publish metrics and dashboard for the service. You will also manage the Software Security Champion program to conduct training and spread security awareness within Aon’s development community.

Job Responsibilities:

A key task over the next year or two is integrating security testing into DevOps. Required experience includes automating security testing at scale by building and implementing static any dynamic analysis tools and integrating security into the software development lifecycle.

• Responsible for managing security assessment queue and conducting application security assessment such as Static & Dynamic Analysis
• Responsible for the overall execution of the plans and procedures related to Application Security for Aon
• Manage the relationship with third-party vendors providing services to support application security assessments
• Oversee reporting that will provide analytics and metrics to Cybersecurity leadership
• Must be competent to work at a high technical level of Web, Thick Client, Mobile, Web Services application penetration testing, capable of identifying security vulnerabilities, develop documentations, drive remediation and work with others to assist the education of secure software development lifecycle
• Assess applications and threat landscape
• Teach/train application engineers on advanced security concepts and provide remediation guidance
• Lead & manage development of Threat Modelling and Software Security Champion program
• Support governance and compliance audits relative to PCI, HIPPA, Sox and other regulations
• Help with incident response when needed

You Bring Knowledge and Expertise

Required Experience:

• 7+ years of experience working in Application Security
• Advanced level of understanding on any 2 of the Static Analysis tools (IBM Source Scan, HP Fortify, Checkmarks) and integration with SDLC/DevOps
• 5+ years of knowledge of at least one development programming language (e.g., C, C++, Java, .NET) and one scripting language (e.g., Perl, Bash, Python, Ruby)
• Advanced level knowledge of JavaScript, HTML
• Advanced level understanding of the encryption and hashing algorithm
• Good knowledge of OWASP TOP 10 and SANS TOP 25 vulnerabilities
• Intermediate level web programming ability (e.g., ASP.NET, PHP, Perl CGI or Java)
• Excellent written and oral communication skills
• Strong work ethic with the ability to effectively multitask in a fast-paced environment

Preferred Experience:

• Basic understanding of common internet protocols at the application, transport and network layers (e.g., HTTP, FTP, SSH, SMTP)
• Basic understanding of XML, SOAP and AJAX
• Basic understanding of the layers of the OSI model

Education: B.S. Computer Science or similar/equivalent area

We offer you

A competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.

Our Colleague Experience:

From helping clients gain access to capital after natural disasters, to creating access to health care and retirement for millions, Aon colleagues empower results for our clients, communities, and each other every day. They make a difference, work with the best, own their potential, and value one another. This is the Aon Colleague Experience, defining what it means to work at Aon and realizing our vision of empowering human and economic possibility. To learn more visit Aon Colleague Experience.

About Aon:

Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.

By applying for a position with Aon, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Aon's employment policies. Background checks may include some or all of the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, fingerprint verification, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position.

Aon provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, or domestic partner status. Aon is committed to a diverse workforce and is an affirmative action employer.

DISCLAIMER:

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.