Location
Allentown, PA | United States
Job description
Company Summary Statement
As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL) is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.
Overview
The Cybersecurity organization advances the overall state of security at PPL through critical initiatives and coordination of large security and customer-focused projects. The organization builds and procures technologies, tools, and processes to better enable teams at PPL to develop secure platforms and protect data and systems with appropriate security controls. IT Cybersecurity also develops systems to monitor and respond to attacks against our systems, provides educational awareness on security best practices, and ensures data sharing relationships with third parties securely protect PPL information. This is part of the IT Cybersecurity — Governance, Risk, & Compliance team.
PPL is seeking a highly skilled Penetration Tester and Risk Validation Principal to join our Cybersecurity Governance, Risk, & Compliance team. As part of our team, you will be responsible for conducting (and leading) penetration tests, vulnerability assessments, and reporting findings to help detect legacy and bleeding-edge security vulnerabilities in enterprise environments. You should have a firm grasp of networking, system administration, and web application security. The ability to think outside the box and go beyond conventional attack paths and exploits is highly valued by our team.
In this role, you will work closely with IT Infrastructure and Application/Dev teams to ensure the security and configuration of PPL’s infrastructure and systems. You will have direct responsibility for scoping and leading penetration testing efforts using cyber technology such as security posture management and vulnerability scanning tools. You will provide expert guidance, conduct penetration assessments, and provide detailed remediation plans. In addition, your expertise will be applied to validate the completion, effectiveness, and risk reduction of mitigation actions. If you are passionate about ethical hacking and penetration testing, this position is ideal for you.
Responsibilities
Scope and perform penetration testing and vulnerability research of complex proprietary software and hardware for PPL and its operating companies.
Identify and assess vulnerabilities in systems and applications. This includes utilizing manual and automated testing methods to find and exploit code flaws, misconfigurations, and insecure software.
Keep cybersecurity training and knowledge current by monitoring the latest security threats and vulnerabilities.
Write clear and concise penetration testing reports detailing findings and recommendations.
Provide recommendations for remediation of identified vulnerabilities.
Provide expert review of cybersecurity risks, remediation plans, and mitigations, with a primary focus on validating mitigation completion and effectiveness.
Own and lead the penetration testing and risk validation program, including detailed strategic planning, execution, and communications to executive leadership.
All other duties and projects as assigned.
Qualifications
Education
Bachelor’s degree in related technical field
Experience
More than 10 years’ experience in related technical discipline
Strong knowledge of various operating systems and networks, and experience with Linux, Windows, and Active Directory.
Proficiency in a programming language such as Python, JavaScript, or C++.
Experience with penetration testing tools and frameworks such as Metasploit, Nmap, Burp Suite and Wireshark.
Knowledge of web application security, including experience with web application scanners and manual testing techniques.
Experience with a variety of security tools and techniques and the ability to write scripts to automate tasks.
Experience with cybersecurity risk programs, mitigation development, and validation of implementations, effectiveness, and risk reduction.
Strong communication and writing skills for technical findings/requirements and executive-level briefings.
Preferred Qualifications
Master’s degree in related technical field
A degree or one recognized certification such as the CPTS penetration testing certification, CompTIA PenTest+, or OSCP.
Experience with cloud and container technologies like AWS, Azure, and Kubernetes.
Hands-on experience and a strong track record of successfully identifying and exploiting vulnerabilities.
Remote Work
The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.
Equal Employment Opportunity
Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identity, genetic information, disability status, or any other protected characteristic.