
Cyber Investigations and Response Lead
Your responsibilities
Incident Response & Investigations
• Lead or support end-to-end investigations for security incidents, from initial triage through containment, eradication, and recovery.
• Perform detailed analysis of alerts, logs, and telemetry across multiple domains (SIEM, endpoint, identity, network, cloud, email, and third-party sources) to determine scope, root cause, and business impact.
• Partner closely with AC3 Threat Detection & Response (TDR) teams to validate true positives, refine investigative hypotheses, and improve the quality and reliability of detection signals.
• Develop clear incident timelines, findings, and technical assessments, ensuring accurate and complete case documentation.
• Maintain high-quality incident records and evidence within Aon's case management and response tooling.
Crisis & Stakeholder Coordination
• Support crisis execution during major or high-severity incidents, collaborating with GEOC, Legal, Risk, Audit, Communications, and business leadership as required.
• Translate technical findings into clear, risk-based insights for both technical and non-technical audiences.
• Follow and reinforce consistent escalation and communication patterns, ensuring the right stakeholders are informed at the right time with the right level of detail.
• Contribute to calm, structured, and disciplined response execution during high-pressure events.
Playbooks, Procedures & Readiness
• Help develop, maintain, and improve incident response runbooks, playbooks, and standard operating procedures for common and high-impact scenarios (e.g., ransomware, BEC, insider threat, data exfiltration, cloud compromise).
• Participate in, and help design, tabletop exercises and simulations to test technical response and crisis readiness.
• Support audit, regulatory, and internal assurance activities by clearly documenting response processes, decisions, and evidence of execution.
Continuous Improvement & Threat Informed Defense
• Lead or contribute to lessons-learned activities following incidents and near misses; track improvement actions through to completion.
• Partner with vulnerability management, identity, infrastructure, cloud, and application security teams to ensure investigation insights drive real risk reduction.
• Identify detection and visibility gaps and work with TDR to enhance telemetry, tune detections, and improve signal-to-noise ratios across AC3.
• Strengthen Aon's threat-informed defense by feeding investigative insights back into controls, detections, and processes.
Collaboration & Global Alignment
• Operate within a follow-the-sun global model, coordinating with CIR and TDR peers across North America, EMEA, and APAC.
• Support alignment of tools, telemetry, processes, and reporting across regions to enable consistent, scalable operations.
• Contribute to a culture of collaboration, shared ownership, and continuous improvement across AC3 and Global Cybersecurity Solutions.
Requirements
• Professional experience in cybersecurity operations, incident response, digital forensics, threat hunting, or a closely related discipline.
• Strong understanding of core security domains, including: network security; endpoint security; identity and access management; cloud security fundamentals; common attack techniques (MITRE ATT&CK familiarity preferred).
• Hands-on experience with multiple security technologies, such as: SIEM platforms (log analysis, investigation, correlation); EDR/EPP tools; network security tools (firewalls, proxies, IDS/IPS); email security and identity platforms; cloud security and logging solutions.
• Demonstrated ability to analyze telemetry, develop investigative hypotheses, and methodically work incidents through to resolution.
• Strong written and verbal communication skills, including the ability to produce clear technical documentation and concise executive-level summaries.
• Familiarity with structured incident response frameworks (e.g., NIST, SANS, ISO) is preferred.
Preferred (optional):
• Experience in a large, complex, or global enterprise environment.
• Prior work experience in a SOC, DFIR function, or Cyber Incident Response Team.
• Familiarity with automation or scripting (e.g., Python, PowerShell, KQL, or SOAR platforms) to accelerate investigations and response.
• Experience working with SOAR or case management platforms in an operational environment.
• Relevant industry certifications (e.g., GCIA, GCFA, GNFA, GCIH, CISSP, CISM) are a plus but not required.
Benefits
• private medical care
• remote work opportunities
• integration events
• dental care
• corporate sports team
• corporate library
• no dress code
• extra social benefits
• employee referral program
• extra leave
How we support our colleagues?
In addition to our comprehensive benefits package, we encourage an inclusive workforce. Plus, our agile environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two "Global Wellbeing Days" each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions for our colleagues as well.
Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.
Aon values an innovative and inclusive workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.
Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status.
We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com.
Aon Sp. z o.o.
At Aon, we shape decisions for the better to protect and enrich the lives of people around the world!
As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.
About the project
The Cybersecurity Investigations & Response (CIR) team within AC3 (Aon's Global Cybersecurity Operations) is responsible for leading and coordinating incident response, conducting in-depth investigations, and continuously improving how Aon detects, responds to, and recovers from cyber events.
As a Cybersecurity Investigations & Response Lead, you will play a critical role in investigating and responding to security incidents across Aon's North America region. You will work closely with Threat Detection & Response (TDR), Global Security Operations, IT, Legal, Risk, Audit, and business stakeholders to ensure incidents are handled effectively and consistently.
This role focuses on deep investigation, coordination, and response leadership, ensuring incidents are executed according to defined processes, evidence is preserved, risks are clearly understood, and lessons learned drive measurable improvements across Aon's cybersecurity program.
Aon is in the business of better decisions:
At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.