Senior Consultant, Risk Advisory

About the position

The Senior Consultant in Risk Advisory at Aon focuses on providing cybersecurity advisory services, specifically within the Defense and Transformation service line. This role involves working as part of a cross-functional team to deliver tailored cybersecurity solutions to clients, helping them mitigate risks and prepare for potential cyber incidents. The position emphasizes client engagement, technical security assessments, and the development of security programs to enhance clients' defenses against various cyber threats.

Responsibilities

• Support delivery teams conducting enterprise-level technical security assessments for various clients.
• Perform blue teaming/purple teaming and technical security assessments against on-premise and public/hybrid/private cloud environments.
• Conduct Breach and Attack Simulations against client environments to gauge the effectiveness of security controls and provide improvement recommendations.
• Enhance and scale traditional defensive security programs for clients against ransomware, APT, and insider threat scenarios.
• Assess IT network and security architectures in line with industry standard processes and frameworks.
• Perform document reviews, analyze artifacts, and conduct interviews with client security and technology personnel as part of security assessments.
• Perform hands-on analysis as needed, such as control/configuration review of client technology and security stack using automated and manual methods.
• Develop client security programs by reviewing existing capabilities and conducting comprehensive reviews of threats.
• Recommend strategies to defend against threats such as ransomware, nation-state attacks, and insider threats.
• Support engagement lead and team members during client engagement execution, ensuring timely progress, achievement of objectives, and delivery quality.
• Contribute to maturing team competence and capabilities by improving delivery processes, mentoring team members, and finding opportunities for new service offerings.

Requirements

• Strong technical fundamentals in Security Operations, DevSecOps, Red Teaming, or Blue Teaming.
• Professional experience in both offensive and defensive information security fields.
• 2+ years substantive experience in a technical cyber security role (offensive and/or defensive).
• 2+ years substantive experience with two or more of the following: building and/or maintaining attack simulation and C2 infrastructure, driving technical security assessments, performing blue teaming/purple teaming, or building and/or maintaining security operations programs.
• Hands-on experience red teaming/blue teaming for large complex environments.
• Providing security advisory services related to secure design and architecture, ransomware defenses, or post-breach remediation.
• Familiarity with cybersecurity frameworks and standards such as NIST CSF, MITRE ATT&CK, and CIS Critical Security Controls.
• Strong oral and written communication skills.

Nice-to-haves

• Recent consulting experience with a mid to large size consulting firm/practice.
• Security certifications (CISSP, GIAC, OSCP, AWS/Azure/GCP) are a plus.
• Experience working on cloud security teams, security operations teams, or blue team/purple team engagements.

Benefits

• 401(k) savings plan with employer contributions
• Employee stock purchase plan
• Medical, dental, and vision insurance
• Paid time off including 12 paid holidays and 15 days of paid vacation per year
• Paid sick leave as provided under state and local laws
• Short-term disability and optional long-term disability
• Health savings account
• Health care and dependent care reimbursement accounts
• Employee and dependent life insurance and supplemental life and AD&D insurance
• Adoption assistance
• Tuition assistance
• Commuter benefits
• Employee assistance program including free counseling sessions