Applied Cyber Security Researcher

About The Position

Requirements

• 5+ years of experience in cybersecurity, with a strong focus on threat intelligence, threat research, or security operations
• 3+ years of hands‑on experience conducting cyber threat research, including analysis of emerging threats, attack vectors, and vulnerabilities
• 3+ years of experience analyzing large‑scale security datasets to identify malicious activity, trends, and indicators of compromise
• Proven experience performing malware analysis, including investigation of malicious tools, exploit kits, and attacker techniques
• 3 or more years of demonstrated experience across the threat intelligence lifecycle, including collection, correlation, analysis, and dissemination of intelligence from multiple sources
• Demonstrated ability to produce high‑quality tactical intelligence reports and threat assessments for both technical and executive audiences
• 2+ years of experience operationalizing threat intelligence to enhance detection, incident response, and overall security posture
• 2+ years of hands-on threat hunting experience using investigative approaches and multiple security telemetry sources
• Solid understanding of adversary behaviors, techniques, and frameworks such as MITRE ATT&CK
• Experience creating and maintaining threat hunting playbooks, investigative procedures, and repeatable workflows
• Experience supporting incident response investigations, providing technical expertise during active security incidents
• 3+ years of experience working with security operations teams (SOC, threat operations, IR) in an enterprise environment
• Demonstrable ability to build, tune, and curate detections, alerts, and signals to improve threat detection coverage
• Strong data analysis skills with the ability to identify patterns, anomalies, and behavioral indicators of compromise
• Ability to engineer tactical security solutions and respond effectively in time‑sensitive or high‑pressure scenarios
• Excellent ability to convey information clearly in writing and speech, with the capacity to explain complex threats and findings

Nice To Haves

• 5+ years of demonstrated experience in threat intelligence, threat hunting, or advanced security operations roles
• Experience integrating and operationalizing new security technologies within a large enterprise environment
• Hands‑on experience with SIEM, EDR/XDR, SOAR, and Threat Intelligence Platforms (TIPs)
• Scripting or query experience (e.g., Python, KQL, SPL, SQL) for analysis, detection engineering, or automation
• Experience developing custom tooling or workflows to support threat operations and investigations
• Familiarity with cloud security telemetry and hybrid enterprise environments
• Prior experience working in a global, highly regulated, or complex enterprise environment
• Relevant industry certifications (e.g., GCTI, GCFA, GREM, CRTO, GCIH or equivalent)

Responsibilities

• Research and Analysis
• Conduct in‑depth research on emerging cyber threats, attack vectors, and security vulnerabilities.
• Perform analysis on unique and large‑scale security data sets to enhance security operations across Aon.
• Analyze malware, exploit kits, and other malicious tools to understand behavior, techniques, and potential countermeasures.
• Threat Intelligence
• Gather, correlate, and analyze intelligence from multiple internal and external sources to identify potential threats.
• Produce detailed tactical intelligence reports and threat assessments to support operational and leadership decision‑making.
• Develop, maintain, and improve threat intelligence feeds, tooling, and workflows.
• Operationalize threat intelligence to improve detection, response, and overall security posture.
• Participate in proactive threat hunting activities to identify threats and indicators of compromise within Aon’s environment.
• Apply multiple data sources to develop threat hunting hypotheses, signals, and techniques to uncover malicious activity.
• Create and maintain threat hunting playbooks based on emerging adversary behaviors and techniques.
• Incident Response Investigation Support
• Assist in incident response activities by offering specialized knowledge and investigative support during security incidents.
• Collaborate with the Proactive Threat Operations team, Aon AC3, and other cybersecurity teams to support investigation and response efforts.
• Security Operations Enablement
• Perform data analysis to identify trends, patterns, and indicators of compromise.
• Create, tune, and curate detections and signals to enhance threat detection capabilities.
• Support day‑to‑day security operations by developing and implementing security tools, workflows, and technologies.
• Engineer tactical solutions to address immediate security needs and active incidents.
• Collaborate with security operations teams to integrate new security technologies and tooling into existing infrastructure.
• Provide technical support and expertise to sustain and improve ongoing security operations.

Benefits

• Aon offers a comprehensive package of benefits for full-time and regular part-time colleagues, including, but not limited to: a 401(k) savings plan with employer contributions; an employee stock purchase plan; consideration for long-term incentive awards at Aon’s discretion; medical, dental and vision insurance, various types of leaves of absence, paid time off, including 12 paid holidays throughout the calendar year, 15 days of paid vacation per year, paid sick leave as provided under state and local paid sick leave laws, short-term disability and optional long-term disability, health savings account, health care and dependent care reimbursement accounts, employee and dependent life insurance and supplemental life and AD&D insurance; optional personal insurance policies, adoption assistance, tuition assistance, commuter benefits, and an employee assistance program that includes free counseling sessions. Eligibility for benefits is governed by the applicable plan documents and policies.