PPL Corporation Senior Cyber Threat Analyst- Remote in Allentown, Pennsylvania
Senior Cyber Threat Analyst- Remote
Responsibilities & Technical Skills
• Perform daily hands-on-keyboard activities that focus on analyzing various metadata from network and host appliances including abnormal machine or user behavior analytics.
• Identify vulnerabilities that affect networks and systems and develop countermeasures or mitigations to resolve them or alert on them.
• Mature and manage the enterprise Security Information and Event Management (SIEM) solution. Responsible for customizing alerts and parsing new data sources.
• Experience with SIEM (e.g., Splunk/QRadar) data manipulation and alert creation. Identify security gaps and evaluate enhancements: perform data/log gap analysis and propose solutions to improve capabilities, both internally and externally available.
• Implement new technologies and work processes: Integrate security technologies that support threat and vulnerability reduction, incident response, and anomaly detection.
• Provide oversight to log collection and analysis of system security reports and summarize data and trends.
• Responsible for identifying new data sources, and capabilities to improve data collection and alerting standards.
• Implement, mature, and manage enterprise solutions for logging and monitoring tasks.
• Monitor/subscribe to open-source information and repositories of reliable cyber and technical groups for the purpose of continuing education and awareness, and to improve network and host threat detection and hardening.
• Analyze open-source information and tailor findings/alerts to the network.
• Utilize intrusion detection systems (IDSs) to monitor network systems (LANs, WANs, VPNs, routers, firewalls, and related security and network devices) for indicators of compromise (IOCs).
• Integrate technical, managerial, and financial considerations when sponsoring solutions.
• Proactively identify potential network threats and cyber threats and recommend preemptive remedial actions.
• Investigate network security events, conducting root-cause analysis to identify threats for recurring incidents.
• Monitor and track incidents related to network access, network intrusion, cyber security, and regulatory compliance.
• Maintain security by monitoring, ensuring compliance to standards, policies, and procedures; conducting incident response analyses; and conducting training programs.
May be assigned an Electric Utilities emergency and storm role. This is a special assignment that comes into play during storms and other emergencies when the company needs to restore power or respond to other issues affecting customer service. This role may necessitate the need to work after-hours, outside of your normal schedule.
Fully remote opportunity.
The IT Cybersecurity organization advances the overall state of security at PPL EU through critical initiatives and coordination of large security and customer-focused projects. The organization builds and procures technologies, tools, and processes to better enable teams at PPL EU to develop secure platforms and protect data and systems with appropriate security controls. IT Cybersecurity also develops systems to monitor and respond to attacks against our systems, provides awareness education to the corporation on security best practices, and ensures data sharing relationships with third parties securely protect PPL information. This role will be part of the IT Cybersecurity – Threat Response team.
Senior Level Requirements and Standards: Employees are assigned and expected to complete a wide range of complex tasks/objectives in non-routine situations. Apply independent judgement and leverage extensive technical knowledge and experience to complete assignments. Senior Level employees prioritize work, establish deadlines and effectively communicate status to stakeholders. Required to establish collaborative relationships within and outside their immediate organization by leading and coordinating projects, tasks, and initiatives. Mentor junior analysts and increase overall team skill levels.
Responsibilities focus on the identification of malicious cyber actors by implementing detection logic and leveraging log-based analysis within the corporate SIEM. Employee will leverage strong knowledge of disparate device operating systems, network infrastructure and cyber actor tactics, techniques, and procedures to implement effective detection logic to eliminate risk to corporate networks.
Candidates must meet the basic qualifications and pass all required tests or assessments to receive consideration. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility form upon hire.
The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.
This position is a safety-sensitive role. Upon acceptance of a conditional offer, all individuals in safety-sensitive roles are obligated to report the use of any medication that may impair their ability to perform the job in a safe manner.
Bachelor's degree and 5 years of related work experience OR 8 years of related work experience
SIEM experience creating searches, analytics, and alerts and understanding how to pivot in the data fields for investigative purposes.
Ability to mine and respond to Indicators of Compromise (IOCs)
Understands advanced persistent threat (APT) infection and attack chains, including tactics, techniques, and procedures (TTPs)
Ability to create custom data parsers to analyze event logging from various devices, packet captures, and metadata.
Knowledge of the MITRE ATT&CK framework
Equal Employment Opportunity:
Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identity, genetic information, disability status, or any other protected characteristic.
Experience with NIST, NERC CIP, SOX and PCI requirements
SANS certifications around Incident Response, Monitoring and Detection, Cyber Defense Operations, and/or Threat Intelligence and Forensics
Certified Information Systems Security Professional- CISSP
As one of the largest investor-owned companies in the U.S. utility sector, PPL Corporation delivers on its promises to customers, investors, employees and the communities we serve. Our utilities - Western Power Distribution, Louisville Gas and Electric and Kentucky Utilities, and PPL Electric Utilities - provide an outstanding service experience for our customers, consistently ranking among the best in the United States and the United Kingdom. PPL has grown from a company with customers and facilities in one region of Pennsylvania to a diverse energy company with more than 10 million customers in the U.S. and the U.K. PPL provides energy for millions of customers while providing challenging and rewarding careers for thousands of employees around the U.S. and abroad.