Job Title - DevSecOps Architect The Global Security Architecture team is seeking a strategy minded DevSecOps Architect. The Security Architecture team values creative problem solvers who will not just admire problems but identify paths to positive outcomes. In this role you will develop and maintain the security strategies used to secure our DevOps process. You will collaborate with development, engineering, and operations teams to advocate secure coding practices, incorporate security into the CI/CD pipeline, and ensure the secure deployment and operation of all IT systems. As a direct report to the Vice President of Security Architecture, this individual contributor role will be critical to the success of the Global Security Architecture team and represent a key technical leadership position for our strategy. Aon is in the business of better decisions At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed. What the day will look like + Develop requirements, user stories, and success criteria, and ensure they are included in and evaluated as part of project methodologies + Represent Global Security in DevSecOps working groups + Identify opportunities to implement infrastructure as code practices, and partner with key stakeholders in execution + Integrate security controls into the SDLC process and DevSecOps pipelines + Continuously improve internal processes by rationalizing or removing friction in DevSecOps and Application Security processes + Build compelling business cases to help business leaders understand security perspectives + Provide thought leadership to standards and policies, including SDLC and Secure Coding practices + Review and provide guidance to technical designs and create secure design patterns + Develop and maintain easily consumable reference architectures + Develop and maintain automation scripts and tools to enhance security and efficiency of deployment processes. + Establish or contribute to logging, monitoring, and auditing processes to ensure compliance requirements are met. Skills and experience that will lead to success + Experience working with and setting strategy for modern DevSecOps programs, integrating security controls into DevOps processes. + Experience with leading CI/CD tools such as Jenkins, Gitlab CI, or Circle CI. + Experience in IT roles such as development, security, or operations. + Experience with leading IaC tools such as Terraform, AWS CloudFormation, or Azure Resource Manager. + Strong knowledge of container technologies such as Docker and Kubernetes. + Collaborative mindset, with a focus on creative problem solving, and ability to build alliances across varied stakeholders. + Experience with and awareness of leading code security technology capabilities such as SAST, DAST, SCA, etc. + Experience working with AWS, Azure, Google Cloud Platforms, and their security services. + Experience setting and maintaining secure coding guidelines and principles. + Experience with implementing infrastructure as code practices at enterprise scale. + Expert level understanding of Microsoft technologies, including Azure DevOps, GitHub Enterprise, and Azure services. Preferred + Experience with cloud technologies such as Cloud Access Security Brokers (CASB), Cloud Workload Protection Platforms (CWPP), Cloud Native Application Protection Platforms (CNAPP), Cloud Security Posture Management (CSPM). + Experience with or familiarity with cloud incident response practices. + Experience working in a globally distributed environment. + Experience working with a global team and liaising with both IT and non-IT colleagues. + Comfortable presenting management information/reporting to senior management + Previous experience in a regulated financial services environment + ·Previous experience of working with outsourced service providers + Experience authoring requirements for technical tooling + Proficiency with programming languages such as .net and python Education + BA/BS degree or international equivalent in a relevant subject or equivalent work experience. + Security certifications such as CISSP or other industry standards How we support our colleagues In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognise that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working! Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued. Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace. Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com #LINKEDINTAG 2548802 Job Title - DevSecOps Architect The Global Security Architecture team is seeking a strategy minded DevSecOps Architect. The Security Architecture team values creative problem solvers who will not just admire problems but identify paths to positive outcomes. In this role you will develop and maintain the security strategies used to secure our DevOps process. You will collaborate with development, engineering, and operations teams to advocate secure coding practices, incorporate security into the CI/CD pipeline, and ensure the secure deployment and operation of all IT systems. As a direct report to the Vice President of Security Architecture, this individual contributor role will be critical to the success of the Global Security Architecture team and represent a key technical leadership position for our strategy. Aon is in the business of better decisions At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed. What the day will look like + Develop requirements, user stories, and success criteria, and ensure they are included in and evaluated as part of project methodologies + Represent Global Security in DevSecOps working groups + Identify opportunities to implement infrastructure as code practices, and partner with key stakeholders in execution + Integrate security controls into the SDLC process and DevSecOps pipelines + Continuously improve internal processes by rationalizing or removing friction in DevSecOps and Application Security processes + Build compelling business cases to help business leaders understand security perspectives + Provide thought leadership to standards and policies, including SDLC and Secure Coding practices + Review and provide guidance to technical designs and create secure design patterns + Develop and maintain easily consumable reference architectures + Develop and maintain automation scripts and tools to enhance security and efficiency of deployment processes. + Establish or contribute to logging, monitoring, and auditing processes to ensure compliance requirements are met. Skills and experience that will lead to success + Experience working with and setting strategy for modern DevSecOps programs, integrating security controls into DevOps processes. + Experience with leading CI/CD tools such as Jenkins, Gitlab CI, or Circle CI. + Experience in IT roles such as development, security, or operations. + Experience with leading IaC tools such as Terraform, AWS CloudFormation, or Azure Resource Manager. + Strong knowledge of container technologies such as Docker and Kubernetes. + Collaborative mindset, with a focus on creative problem solving, and ability to build alliances across varied stakeholders. + Experience with and awareness of leading code security technology capabilities such as SAST, DAST, SCA, etc. + Experience working with AWS, Azure, Google Cloud Platforms, and their security services. + Experience setting and maintaining secure coding guidelines and principles. + Experience with implementing infrastructure as code practices at enterprise scale. + Expert level understanding of Microsoft technologies, including Azure DevOps, GitHub Enterprise, and Azure services. Preferred + Experience with cloud technologies such as Cloud Access Security Brokers (CASB), Cloud Workload Protection Platforms (CWPP), Cloud Native Application Protection Platforms (CNAPP), Cloud Security Posture Management (CSPM). + Experience with or familiarity with cloud incident response practices. + Experience working in a globally distributed environment. + Experience working with a global team and liaising with both IT and non-IT colleagues. + Comfortable presenting management information/reporting to senior management + Previous experience in a regulated financial services environment + ·Previous experience of working with outsourced service providers + Experience authoring requirements for technical tooling + Proficiency with programming languages such as .net and python Education + BA/BS degree or international equivalent in a relevant subject or equivalent work experience. + Security certifications such as CISSP or other industry standards How we support our colleagues In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognise that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working! Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued. Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace. Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com #LINKEDINTAG