logo

Recruitment Update : Avoid unauthorized communications regarding career opportunities from individuals not affiliated with Aon or its recruitment team. Aon will only contact you from an official Aon email address and will never request personal information such as bank account details, Social Security numbers, or National IDs via social media or chat-based applications. Aon does not send or request payments for the purchase of business-related equipment. The only legitimate way to apply for a position at Aon is through our Careers site at jobs.aon.com. If you receive a suspicious recruiting message from someone claiming to be an Aon recruiter on platforms like Telegram, we kindly request that you report it as spam and block the sender immediately.

Automated Employment Decision Tool Notice (NYC Jobs)

banner
Back

IR Lead

  • Makati City, Philippines; Makati City, Philippines
  • Consulting

Job Description

Incident Response Lead

We are looking for a dedicated individual to join us as a Incident Response Lead at Aon Philippines, offering you a real opportunity to further develop your capabilities.

This is a great opportunity to become a fundamental member of a highly professional and diverse team. Aon is a global organization which strives to provide meaningful career paths for its employees. Come on board and reap the rewards.

Aon is in the business of better decisions

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world.

As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.

Role Overview

As part the Aon Cyber Solutions (ACS) Reactive Services team, you will help empower results for our clients by delivering innovative and effective solutions supporting Risk. As an IR lead you will be working in Aon’s offices in the Philippines and you will report directly to the Head of the Reactive Services team located in Hong Kong.

The ACS Reactive Services team primarily executes Incident Response engagements, but also works in many investigative and technical areas to help clients solve problems. Casework may include: the preservation and forensic analysis of operating systems; post-breach incident response; the collection of evidence from various devices and networks; document forgery analyses; user activity timelining; deletion, spoliation, and obstruction of justice analyses; IP theft investigation and remediation; interviews of technical staff; IoT device data analysis; online investigations; data analytics; client consultation; expert report writing; and more.

As an IR lead, you will lead teams of expert professionals in running high-stakes, high-profile investigations and incident response engagements for our clients. You will bring significant experience in cybersecurity consulting to bear on your casework, along with mastery of the fundamentals of running cybersecurity investigations. You will work at the direction of the unit head to scope, coordinate, be responsible for, and perform numerous client cases, which require work in any of the technical areas described above or beyond.

What the day will look like

  • Lead the most sophisticated forensic analyses handled by the firm.
  • Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based analysis across all major operating systems and network device platforms.
  • Produce high quality oral and written English work product, presenting complex technical matters clearly and concisely to both clients and internal staff.
  • Support or provide expert testimony in trials, depositions, and other proceedings, if required.
  • Supervise Digital Forensics and Incident Response staff, including coordinating teams of professionals, assuring stellar work product, and assisting with performance reviews and mentorship of cybersecurity professionals.
  • Ensure that client matters are staffed adequately and efficiently and that deadlines are met.
  • General management and supervision of projects including budgeting.
  • Form and articulate expert opinions based on analysis.
  • Draft and conduct peer review of expert reports, affidavits, and other experienced testimony.

Skills that would lead to success:

Essential Requirements

  • 8+ years or more of sustained hands-on excellence in the Incident Response industry along with some digital forensic experience. 2+ years Incident Response lead experience.
  • Ability to anticipate and respond to changing priorities and operate effectively in a dynamic, demand-based environment, requiring flexibility and responsiveness to client matters and needs.
  • Project management experience.
  • Deep experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.).
  • Proficiency with industry-standard forensic toolsets (i.e. X-Ways, EnCase, Axiom/IEF, Cellebrite/UFED, and FTK).
  • Ability to conduct malware analysis in support of incident response engagements.
  • Proficiency with database querying and analysis.
  • Knowledge of scripting/programming languages to assist in automating some IR processes.
  • Knowledge of memory analysis techniques including the use of volatility, rekall, or other tools.
  • Experience with conducting log analysis of various types of logs, including Windows Event Logs, Apache, IIS, and firewall logs.
  • Experience with command line tools (grep, sed, awk, powershell), python, and other programming languages.
  • Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
  • Confidence, humility, and a commitment to learning and teaching others in a collaborative environment of forward-thinking cybersecurity leaders.
  • Must be able to work collaboratively across departments and physical locations.
  • Comfort with intermittent periods of travel, evening and weekend hours.
  • Exceptional work ethic; high level of professionalism and adherence to ethical standards.
  • Strong written and oral communication skills, plus attention to detail.
  • Fluency in spoken and written English essential.
  • A high level of professionalism in all areas of performance.
  • One or more relevant industry certifications relating to Incident Response SANS GCFA or GCIH, CREST CPIA or CRIA, or equivalent
  • Meeting Aon Global and local compliance requirements
  • Contribute to a curriculum and assist in-house training sessions, individualized if needed, for DFIR staff, to ensure appropriate development of skills and continued innovation

Preferred Requirements

  • Bachelor’s Degree in Computer Science, Information Security, Engineering, Digital Forensics or other relevant subjects.
  • Interest or previous experience in business development or client management
  • Interest in building intellectual capital for the firm by writing blogs, submitting to CFPs, and crafting internal tools for analysis.
  • Familiarity with mobile device operating systems including iOS and Android.
  • Knowledge of computer networking technologies.
  • Proficiency with C++, C#, Python, or SQL— Assembler languages are a plus.
  • Prior experience/knowledge of penetration testing/hacking techniques such as SQLi, XSS, RFI/LFI, Directory traversal, and tools such as Nessus, Nmap, Kali Linux, Burp Suite, SQLMap, etc.
  • Participation in technical meetings and working groups to address issues related to malware security, vulnerabilities, and issues of cybersecurity and preparedness.
  • A constantly developed DFIR skill set, and proficiency with industry standard tools and practices, through outside training and research.

How we support our colleagues

In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself.  We offer a variety of working style solutions, but we also recognise that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working!

Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.  

Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. 

We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com

2552286