PPL Corporation Enterprise Cyber Threat Analyst - Lead, REMOTE in Allentown, Pennsylvania
Evolve and improve the threat hunting and adversary emulation program at PPL Corporation.
Serve as the threat hunting subject matter expert for all of PPL Corporation and foster collaboration between security operations teams.
Create innovative hunting techniques and lead initiatives for implementing new hunting capabilities across multiple operating companies.
Analyze advanced adversary tactics, techniques, and procedures (TTPs) that pose a threat to ICS operators and the utility industry.
Perform threat modeling using known TTPs, mapping them to organizational controls and detections to identify defensive gaps and recommending ways to prevent, mitigate, or insure against the identified risks.
Lead threat hunting activities across the organization leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies.
Hunt for and identify threat actor groups and their techniques, tools and processes.
Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses.
Author, update, and maintain SOPs, playbooks, and work instructions.
Use threat intelligence and threat models to form threat hypotheses for hunting.
Plan and scope threat hunts to test those hypotheses.
Create and recommend new security content resulting from hunts, including signatures, alerts, workflows, and automations that support further hunting.
Coordinate with other teams to improve threat detection and response and the overall security posture of the enterprise.
Perform network and host-based forensics during threat hunts to support the hunting team's determination of whether an event should be escalated to security operations teams for further analysis.
Compile detailed investigation and analysis reports for internal security SME stakeholder consumption and delivery to management.
Communicate threat hunting observations in presentations and formal reports suitable for all levels of management.
Track threat actors by capturing intelligence on their TTPs and developing countermeasures in response.
Analyze malicious campaigns and evaluate effectiveness of security technologies.
Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.
Develop advanced queries and alerts to detect adversary actions.
Provide expert analytic investigative support of large scale and complex security incidents.
The Enterprise Security Cyber Threat Analyst - Lead will be a key member of the PPL Enterprise Security team in the Office of the CISO and will be responsible for leading threat actor-based investigations, developing new detection methodologies, and leading or providing expert support to incident response and monitoring functions. The focus of the Cyber Threat Analyst - Lead is to detect, disrupt, and eradicate the presence of threat actors within PPL's enterprise networks. To execute this mission, the Cyber Threat Analyst - Lead will use a process-driven approach, data analysis, threat intelligence, and cutting-edge security technologies, applying analytic and technical skills to investigate intrusions and identify malicious activity and potential insider threats. This role is a PPL Services employee role with a scope of work that spans the PPL corporate enterprise, with a focus on PPL's operating companies: PPL Electric Utilities, based in eastern Pennsylvania, and Louisville Gas & Electric and Kentucky Utilities, based in Kentucky. This role reports to the Cyber Threat Intelligence Manager and is a full-time remote position.
Candidates must meet the basic qualifications and pass all required tests or assessments to receive consideration. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility form upon hire.
BS in Computer Science, Information Security, Computer Forensics, or a related field, or equivalent work experience.
One or more relevant industry cyber security certifications (CISSP, GCIA, GCFA, GCIH, GREM, CEH, etc.).
8+ years of relevant cyber security experience in IT security, incident response, or network security, with strong SOC experience or deep technical experience in network engineering or Windows or Linux/Unix administration where security was a focus.
5+ years of experience with the incident response process, including detecting advanced adversaries, log analysis using a SIEM, and malware triage.
Experience with SIEM search languages and techniques, alerts, dashboards, report building, and creation of automated log correlations.
Experience with threat hunting and adversary tracking.
Strong analytical and investigation skills.
Experience in a leadership role over technical analysts or a proven track record of promotion throughout career.
Equal Employment Opportunity:
Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identity, genetic information, disability status, or any other protected characteristic.
Master's degree or 20+ years of technical experience.
Experience in creating, growing and maintaining a threat hunting program.
5+ years of experience in the energy sector.
Experience converting intelligence into actionable security detections, mitigation, and technical control recommendations.
Experience in analyzing malware / offensive tools and threat actor tactics, techniques, and procedures to characterize threat actor technical methods for accomplishing their objectives or mission.
Experience with creating automated log correlations in a SIEM tool to identify anomalous and potentially malicious behavior.
Experience performing malware analysis (and reverse engineering), network forensics, endpoint protection, and scripting.
Experience with a common scripting or programming language, such as Perl, Python, Bash, or PowerShell.
Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, anti-spam, and anti-spyware solutions.
Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
Experience with the Windows file system and registry functions or *NIX operating systems and command line tools.
Experience with Snort, Zeek (formerly Bro), or other network monitoring and intrusion detection tools.
Detailed understanding of the TCP/IP networking stack and network technologies.
Working knowledge of full packet capture (PCAP) analysis and accompanying tools (Wireshark, etc.).
Experience in performing or coordinating ethical hacking or red team activities.
As one of the largest investor-owned companies in the U.S. utility sector, PPL Corporation delivers on its promises to customers, investors, employees and the communities we serve. Our utilities - Western Power Distribution, Louisville Gas and Electric and Kentucky Utilities, and PPL Electric Utilities - provide an outstanding service experience for our customers, consistently ranking among the best in the United States and the United Kingdom. PPL has grown from a company with customers and facilities in one region of Pennsylvania to a diverse energy company with more than 10 million customers in the U.S. and the U.K. PPL provides energy for millions of customers while providing challenging and rewarding careers for thousands of employees around the U.S. and abroad.