Pen Test Risk Valid Principal
Company: PPL
Location: Louisville
Posted on: April 25, 2024
|
|
Job Description:
Company Summary Statement
As one of the largest investor-owned utility companies in the
United States, PPL Corporation (NYSE: PPL), is committed to
creating long-term, sustainable value for our 3.5 million
customers, our shareowners and the communities we serve. Our
high-performing regulated utilities - PPL Electric Utilities,
Louisville Gas and Electric, Kentucky Utilities and Rhode Island
Energy - provide an outstanding experience for our customers,
consistently ranking among the best utilities in the nation. PPL's
companies are also addressing challenges head-on by investing in
new infrastructure and technology that is creating a smarter, more
reliable and resilient energy grid. We are committed to doing our
part to advance a cleaner energy future and drive innovation that
enables us to achieve net-zero carbon emissions by 2050 while
maintaining energy reliability and affordability for the customers
and communities we serve. PPL is a positive force in the cities and
towns where we do business, providing support for programs and
organizations that empower the success of future generations by
helping to build and maintain strong, diverse communities
today.
Overview
The Cybersecurity organization advances the overall state of
security at PPL through critical initiatives and coordination of
large security and customer-focused projects. The organization
builds and procures technologies, tools, and processes to better
enable teams at PPL to develop secure platforms and protect data
and systems with appropriate security controls. IT Cybersecurity
also develops systems to monitor and respond to attacks against our
systems, provides educational awareness on security best practices,
and ensures data sharing relationships with third parties securely
protect PPL information. This is part of the IT Cybersecurity-
Governance, Risk, & Compliance team.
PPL is seeking a highly skilled Penetration Tester and Risk
Validation Principal to join our Cybersecurity Governance, Risk, &
Compliance team. As part of our team, you will be responsible for
conducting (and leading) penetration tests, vulnerability
assessments, and reporting findings to help detect legacy and
bleeding-edge security vulnerabilities in enterprise environments.
You should have a firm grasp of networking, system administration,
and web application security. The ability to think outside the box
and go beyond conventional attack paths and exploits is highly
valued by our team.
In this role, you will work closely with IT Infrastructure and
Application/Dev teams to ensure the security and configuration of
PPL's infrastructure and systems. You will have direct
responsibility for scoping and leading penetration testing efforts
using cyber technology such as security posture management and
vulnerability scanning tools. You will provide expert guidance,
conduct penetration assessments, and provide detailed remediation
plans. In addition, your expertise will be applied to validate the
completion, effectiveness, and risk reduction of mitigation
actions. If you are passionate about ethical hacking and
penetration testing, this position is ideal for you.
This position is available remote or hybrid with working locations
in Louisville, KY or Allentown, PA.
Responsibilities
Scope and perform penetration testing and vulnerability research of
complex proprietary software and hardware for PPL and its operating
companies.
Identify and assess vulnerabilities in systems and applications.
This includes utilizing manual and automated testing methods to
find and exploit code flaws, misconfigurations, and insecure
software.
Keep cybersecurity training and knowledge current by monitoring the
latest security threats and vulnerabilities.
Write clear and concise penetration testing reports detailing
findings and recommendations.
Provide recommendations for remediation of identified
vulnerabilities.
Provide expert review of cybersecurity risks, remediation plans,
and mitigations, with a primary focus on validating mitigation
completion and effectiveness.
Own and lead penetration testing and risk validation program,
including detailed strategic planning, execution, and
communications to executive leadership.
All other duties and projects as assigned.
Qualifications
Education
Bachelor's degree in related technical field
Experience
More than 10 years' experience in related technical discipline
Strong knowledge of various operating systems and networks, and
experience with Linux, Windows, and Active Directory.
Proficiency in a programming language such as Python, JavaScript,
or C++.
Experience with penetration testing tools and frameworks such as
Metasploit, Nmap, BurpSuite and WireShark.
Knowledge of web application security, including experience with
web application scanners and manual testing techniques.
Experience with a variety of security tools and techniques and the
ability to write scripts to automate tasks.
Experience with cybersecurity risk programs, mitigation
development, and validation of implementations, effectiveness, and
risk reduction.
Strong communication and writing skills for technical
findings/requirements and executive-level briefings.
Preferred Qualifications
Master's degree in related technical field
A degree or one recognized certification such as the CPTS
penetration testing certification, CompTIA PenTest+, or OSCP.
Experience with cloud and container technologies like AWS, Azure,
and Kubernetes.
Hands-on experience and a strong track record of successfully
identifying and exploiting vulnerabilities.
Education
Bachelor's degree in related technical field
Experience
More than 10 years' experience in related technical discipline
Strong knowledge of various operating systems and networks, and
experience with Linux, Windows, and Active Directory.
Proficiency in a programming language such as Python, JavaScript,
or C++.
Experience with penetration testing tools and frameworks such as
Metasploit, Nmap, BurpSuite and WireShark.
Knowledge of web application security, including experience with
web application scanners and manual testing techniques.
Experience with a variety of security tools and techniques and the
ability to write scripts to automate tasks.
Experience with cybersecurity risk programs, mitigation
development, and validation of implementations, effectiveness, and
risk reduction.
Strong communication and writing skills for technical
findings/requirements and executive-level briefings.
Preferred Qualifications
Master's degree in related technical field
A degree or one recognized certification such as the CPTS
penetration testing certification, CompTIA PenTest+, or OSCP.
Experience with cloud and container technologies like AWS, Azure,
and Kubernetes.
Hands-on experience and a strong track record of successfully
identifying and exploiting vulnerabilities.
Scope and perform penetration testing and vulnerability research of
complex proprietary software and hardware for PPL and its operating
companies.
Identify and assess vulnerabilities in systems and applications.
This includes utilizing manual and automated testing methods to
find and exploit code flaws, misconfigurations, and insecure
software.
Keep cybersecurity training and knowledge current by monitoring the
latest security threats and vulnerabilities.
Write clear and concise penetration testing reports detailing
findings and recommendations.
Provide recommendations for remediation of identified
vulnerabilities.
Provide expert review of cybersecurity risks, remediation plans,
and mitigations, with a primary focus on validating mitigation
completion and effectiveness.
Own and lead penetration testing and risk validation program,
including detailed strategic planning, execution, and
communications to executive leadership.
All other duties and projects as assigned.
Remote Work
The company reserves the right to determine if this position will
be assigned to work on-site, remotely, or a combination of both.
Assigned work location may change. In the case of remote work,
physical presence in the office/on-site may be required to engage
in face-to-face interaction and coordination of work among direct
reports and co-workers.
Equal Employment Opportunity
Our company is an equal opportunity, affirmative action employer
dedicated to diversity and the strength it brings to the workplace.
All qualified applicants will receive consideration for employment
without regard to race, color, age, religion, sex, national origin,
protected veteran status, sexual orientation, gender identify,
genetic information, disability status, or any other protected
characteristic.
Keywords: PPL, Louisville , Pen Test Risk Valid Principal, Other , Louisville, Kentucky
Click
here to apply!
|