Lead Cybersecurity Detection Specialist-February 2024
Allentown
Feb 10, 2026
About Lead Cybersecurity Detection Specialist

  Company Summary Statement

  As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.

  Overview

  The IT Cybersecurity organization advances the overall state of security at PPL through critical initiatives and coordination of large security and customer-focused projects. The organization builds and procures technologies, tools, and processes to better enable teams at PPL to develop secure platforms and protect data and systems with appropriate security controls. IT Cybersecurity also develops systems to monitor and respond to attacks against our systems, provides awareness education to the corporation on security best practices, and ensures data sharing relationships with third parties securely protect PPL information. This role will be within IT Cybersecurity— Cybersecurity Operations.

  Purpose

  The Lead Cybersecurity Detection Specialist is responsible for safeguarding PPL’s digital assets by proactively identifying, analyzing, and responding to potential security threats. Their primary focus lies in the creation of detections that identify anomalous and unauthorized activities within networks, systems, and applications to prevent or minimize cybersecurity incidents. They are expected to be subject matter experts in various cybersecurity concepts and knowledgeable in asset security features. Overall, this position requires the individual to work with cross-functional teams to improve PPL’s security posture by enhancing and maturing detection capabilities.

  Responsibilities

  Develop and Improve Detection Signatures and Alerts - create and refine detections and alerts within multiple security tools based on the MITRE ATT&CK Framework.

  Monitor Detections and Alerts for Efficacy and Health - ensure that any out-of-box or custom alerts are continuously refined for efficacy, alerting as designed, tuned as needed, and have proper log sources ingesting.

  Incident Responder and Investigator - respond and assist any team investigations escalated to Cybersecurity Operations.

  Contextualize Threat Intelligence - stay updated with the latest threat intelligence to understand emerging threats and adapt detection strategies accordingly.

  Log Analysis - proactive recognition of gaps in detection capabilities, conduct historical log analysis to identify any missed unauthorized activities, and create new detection measures to address gaps.

  Implement New Tools and Technologies - evaluate and test new security technologies and/or tools that enhance detection and response capabilities.

  Train and Mentor - conduct training sessions and workshops for team members and employees to raise awareness about security threats.

  Report Metrics and Brief Leadership - identify and create operational metrics around detection visibility, efficacy, and gaps to show program progression and maturity.

  All other duties and projects as assigned.

  Qualifications

  Education

  Bachelor’s degree plus 7 years of work experience, Master’s degree plus 4 years of work experience, or 10+ years of work experience in Computer Science, Information Technology, Cybersecurity, or related fields

  Experience

  Understanding of IT fundamentals, such as network protocols, traffic analysis, TCP/IP, firewall, and endpoint logging, etc.

  Understanding of operating systems (Windows, *nix), their security mechanisms, and logging requirements

  Experience with SIEMs, IDS/IPS, antivirus software, EDR platforms, etc.

  Familiarity with cybersecurity principles and frameworks such as MITRE ATT&CK, NIST, Threat Intelligence, etc.

  Proficient in scripting languages, such as Python and PowerShell

  Knowledge in automation technologies and tools, such as SOAR platforms, Power Automate, etc.

  Extensive knowledge analyzing and configuring data in SIEMs, Snort, Suricata, Zeek/Bro, and any other detection and analysis tools.

  Ability to analyze logs, network traffic, and security events for anomalies and potential threats.

  Thorough understanding of cyber threats and actors, and security monitoring and detection.

  Capable of troubleshooting security issues, recommending solutions, and implementing or fostering implementation with the necessary administrative groups.

  Prior experience working in a cybersecurity role focused on threat detection, incident response, or security operations.

  Strong verbal and written communication skills to articulate complex security issues to different stakeholders and provide updates to senior leadership.

  Ability to collaborate with cross-functional teams.

  Preferred Qualifications

  Familiarity with cloud platforms (AWS, Azure, Google Cloud) and their security features

  Professional certifications in CISSP, GCIH, GCIA or relevant SANS GIAC certifications

  Familiarity or previous experience in Utility sector or industrial control systems

  Exceptional analytical and critical thinking, willingness to challenge the status quo

  Excellent interpersonal skills

  Self-motivator, team player, and independent worker who is highly adaptive

  Remote Work

  The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

  Equal Employment Opportunity

  Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identity, genetic information, disability status, or any other protected characteristic.
