PPL Corporation Cyber Threat Intelligence Analyst - Specialist in Allentown, Pennsylvania
Cyber Threat Intelligence Analyst - Specialist
Research, analysis, and response for alerts; including log retrieval and documentation
Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
Perform general SIEM monitoring, analysis, content development, and maintenance
Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management
Track threat actors and associated tactics, techniques, and procedures (TTPs) by capturing intelligence on threat actor TTPs and developing countermeasures in response to threat actors
Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs
Analyze malicious campaigns and evaluate effectiveness of security technologies
Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
Develop advanced queries and alerts to detect adversary actions
Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies
Assist with response and investigation efforts into advanced/targeted attacks
Hunt for and identify threat actor groups and their techniques, tools and processes
Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses
Provide analytic investigative support of large scale and complex security incidents
Perform Root Cause Analysis of security incidents for further enhancement of alert catalog
Continuously improve processes for use across multiple detection sets for more efficient Security Operations
Perform regular updates of existing Playbooks based on changes in the Threat Landscape or upon discovery of new threat tactics or procedures.
Expected travel up to 25% at the start of the role. Over time, travel is expected to be up to 10% through use of remote communication / meeting capabilities.
Position can be based in Allentown, PA or in Louisville KY, and may have a virtual office at secondary location.
Physical presence in the office/on-site to engage in face-to-face interaction and coordination of work among direct reports and co-workers.
The Enterprise Security Cyber Threat Analyst will be a key member of the PPL Enterprise Security team and will be responsible for participating in threat actor based investigations, creating new detection methodologies, and providing support to incident response and monitoring functions. The focus of the Cyber Threat Analyst is to detect, disrupt and eradicate the presence of threat actors PPL’s enterprise networks. To execute this mission, the Cyber Threat Analyst will use data analysis, threat intelligence, and cutting-edge security technologies. The Cyber Threat Analyst will directly support the Security Operations Center by applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response. This role is a PPL Services employee role with a scope of work that spans PPL Enterprise with a focus on PPL EU and LGE/KU, with some coordination responsibilities with Western Power Distribution (UK). This role reports to the Cyber Threat Intelligence Manager.
Candidates must meet the basic qualifications and pass all required tests or assessments to receive consideration.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility form upon hire.
BS in Computer Science, Information Security, Computer Science, Computer Forensics or related field
One or more relevant industry cyber security certifications (CISSP, GCIA, GCIH, GREM, CEH, etc.)
5+ years of relevant cyber security experience in IT Security, Incident Response or network security with strong knowledge working in a SOC
3+ years of experience with the incident response process, including detecting advanced adversaries, log analysis using Splunk or similar tools, and malware triage
Experience with splunk (or similar tool) search language, techniques, alerts, dashboards, report building and creation of automated log correlations.
Experience with active threat hunting and adversary tracking
Strong analytical and investigation skills
Equal Employment Opportunity:
Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.
Regular or Temporary:
Experience converting intelligence into actionable mitigation and technical control recommendations
Experience in analyzing malware / offensive tools and threat actor tactics, techniques, and procedures to characterize threat actors technical methods for accomplishing their objectives or missions
Experience with creating automated log correlations in Splunk, ELK, or a similar tool to identify anomalous and potentially malicious behavior
Experience performing malware analysis (and reverse engineering), network forensics, endpoint protection, and scripting
Experience with a common scripting or programming language, including Perl, Python, Bash or Shell, PowerShell, or batch
Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions
Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
Experience with the Windows file system and registry functions or *NIX operating systems and command line tools
Experience with Snort, Bro or other network intrusion detection tools
Detailed understanding of the TCP/IP networking stack & network technologies
Working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.)
Experience in Ethical Hacking or Red Team
A passion for research, and uncovering the unknown about internet threats and threat actors
Full-time or Part-time:
As one of the largest investor-owned companies in the U.S. utility sector, PPL Corporation delivers on its promises to customers, investors, employees and the communities we serve. Our utilities – Western Power Distribution, Louisville Gas and Electric and Kentucky Utilities, and PPL Electric Utilities – provide an outstanding service experience for our customers, consistently ranking among the best in the United States and the United Kingdom. PPL has grown from a company with customers and facilities in one region of Pennsylvania to a diverse energy company with more than 10 million customers in the U.S. and the U.K. PPL provides energy for millions of customers while providing challenging and rewarding careers for thousands of employees around the U.S. and abroad.
Follow PPL Corporation on social media
Twitter: @PPLCorporation ( https://twitter.com/PPLCorporation )
LinkedIn ( https://www.linkedin.com/company/ppl-corporation )
Follow PPL Electric Utilities on social media
Twitter: @PPLElectric ( https://twitter.com/PPLElectric )
Facebook ( www.facebook.com/PPLElectric )