PPL Corporation Cyber Threat Intelligence Analyst - Specialist in Allentown, Pennsylvania



Cyber Threat Intelligence Analyst - Specialist

Primary Responsibilities:

  • Research, analysis, and response for alerts; including log retrieval and documentation

  • Conduct analysis of network traffic and host activity across a wide array of technologies and platforms

  • Perform general SIEM monitoring, analysis, content development, and maintenance

  • Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts

  • Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management

  • Track threat actors and associated tactics, techniques, and procedures (TTPs) by capturing intelligence on threat actor TTPs and developing countermeasures in response to threat actors

  • Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs

  • Analyze malicious campaigns and evaluate effectiveness of security technologies

  • Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed

  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors

  • Develop advanced queries and alerts to detect adversary actions

  • Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies

  • Assist with response and investigation efforts into advanced/targeted attacks

  • Hunt for and identify threat actor groups and their techniques, tools and processes

  • Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses

  • Provide analytic investigative support of large scale and complex security incidents

  • Perform Root Cause Analysis of security incidents for further enhancement of alert catalog

  • Continuously improve processes for use across multiple detection sets for more efficient Security Operations

  • Perform regular updates of existing Playbooks based on changes in the Threat Landscape or upon discovery of new threat tactics or procedures.


Expected travel up to 25% at the start of the role. Over time, travel is expected to be up to 10% through use of remote communication / meeting capabilities.


Position can be based in Allentown, PA or in Louisville, KY, and may have a virtual office at secondary location.

Physical presence in the office/on-site to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

Position Summary:

The Enterprise Security Cyber Threat Analyst will be a key member of the PPL Enterprise Security team and will be responsible for participating in threat actor based investigations, creating new detection methodologies, and providing support to incident response and monitoring functions. The focus of the Cyber Threat Analyst is to detect, disrupt and eradicate the presence of threat actors in PPL’s enterprise networks. To execute this mission, the Cyber Threat Analyst will use data analysis, threat intelligence, and cutting-edge security technologies. The Cyber Threat Analyst will directly support the Security Operations Center by applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response. This role is a PPL Services employee role with a scope of work that spans PPL Enterprise with a focus on PPL EU and LGE/KU, with some coordination responsibilities with Western Power Distribution (UK). This role reports to the Cyber Threat Intelligence Manager.

Candidate Qualifications:

Candidates must meet the basic qualifications and pass all required tests or assessments to receive consideration.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility form upon hire.

Basic Qualifications:

  1. BS in Computer Science, Information Security, Computer Forensics or related field

  2. One or more relevant industry cyber security certifications (CISSP, GCIA, GCIH, GREM, CEH, etc.)

  3. 5+ years of relevant cyber security experience in IT Security, Incident Response or network security with strong knowledge working in a SOC

  4. 3+ years of experience with the incident response process, including detecting advanced adversaries, log analysis using Splunk or similar tools, and malware triage

  5. Experience with Splunk (or similar tool) search language, techniques, alerts, dashboards, report building and creation of automated log correlations.

  6. Experience with active threat hunting and adversary tracking

  7. Strong analytical and investigation skills

Equal Employment Opportunity:

Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identity, genetic information, disability status, or any other protected characteristic.

Preferred Qualifications:

  • Master’s Degree

  • Experience converting intelligence into actionable mitigation and technical control recommendations

  • Experience in analyzing malware / offensive tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their objectives or missions

  • Experience with creating automated log correlations in Splunk, ELK, or a similar tool to identify anomalous and potentially malicious behavior

  • Experience performing malware analysis (and reverse engineering), network forensics, endpoint protection, and scripting

  • Experience with a common scripting or programming language, including Perl, Python, Bash or Shell, PowerShell, or batch

  • Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions

  • Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB.

  • Experience with the Windows file system and registry functions or *NIX operating systems and command line tools

  • Experience with Snort, Bro or other network intrusion detection tools

  • Detailed understanding of the TCP/IP networking stack & network technologies

  • Working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.)

  • Experience in Ethical Hacking or Red Team

  • A passion for research, and uncovering the unknown about internet threats and threat actors

Corporate Summary:

As one of the largest investor-owned companies in the U.S. utility sector, PPL Corporation delivers on its promises to customers, investors, employees and the communities we serve. Our utilities – Western Power Distribution, Louisville Gas and Electric and Kentucky Utilities, and PPL Electric Utilities – provide an outstanding service experience for our customers, consistently ranking among the best in the United States and the United Kingdom. PPL has grown from a company with customers and facilities in one region of Pennsylvania to a diverse energy company with more than 10 million customers in the U.S. and the U.K. PPL provides energy for millions of customers while providing challenging and rewarding careers for thousands of employees around the U.S. and abroad.
