PPL Corporation
Application Security Lead Engineer
PPL Corporation, Louisville, Kentucky, us, 40201
PPL Corporation Application Security Lead Engineer Louisville, Kentucky Apply Now
As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL) is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners, and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities, and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation.PPL is seeking a highly skilled Application Security Lead Engineer to join our Cybersecurity organization. In this role, you will work closely with our Product Cybersecurity Manager to ensure the security and integrity of our applications and software products. You will provide expert guidance, conduct security assessments, and help shape the security posture of our products. If you are passionate about application security and have a deep understanding of modern software development practices, this position is ideal for you.Responsibilities
Conduct security assessments of applications, including vulnerability scanning, penetration testing, and fuzzing.Complete static and dynamic application security testing to identify vulnerabilities and weaknesses.Participate in code reviews to identify potential vulnerabilities, weaknesses, defects, etc.Complete Threat Modeling assessments, analyze impact, and develop mitigation strategies.Perform review and testing around Application Programming Interface security.Assist relevant parties on identified gaps based on analysis and execute strategies to mitigate/address the risk.Integrate security into the software development pipeline using secure software development lifecycle processes.Create and/or improve Data Flow Mapping and System Interface Tracking in conjunction with the Product Development and Enterprise Architecture teams.Collaborate with business and technical owners, while engaging relevant SMEs, to establish compliance standards and trackable metrics.Maintain knowledge and stay up to date on developing security technologies and integrate new technologies into architecture designs, where applicable.All other duties and projects as assigned.Qualifications
EducationBachelor’s degree in Computer Science, Information Security, and/or a related field or an equivalent level of work-related experience.ExperienceA minimum of 7+ years of experience in cybersecurity with a focus on software development, secure by design principles, and/or security architecture.Proficiency in conducting security testing, including vulnerability scanning, and static and dynamic code analysis.Expertise in system hardening, including vulnerability assessment, penetration testing, and configuration management.Expertise in designing secure architectures using established frameworks.Experience in application security tools and IDE Plug-in environments, including HP Fortify.Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25.Experience in the use of threat modeling tools, and understanding of frameworks such as STRIDE and PASTA.Cloud Technology Expertise: Demonstrate a working knowledge of various enterprise technology stacks used to build applications in the cloud.Cloud Platform Experience: Possess working knowledge and practical experience in security testing within cloud platforms, particularly Azure.Experience in Cloud Native Security practices and technologies including Container security, Serverless security, Kubernetes security, and Threat detection.Experience in utilizing Cloud Native Security Tools and Platforms such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and Cloud Access Security Brokers (CASB).Knowledge of federal compliance standards, including NIST 800-53 and NIST CSF.Experience working in Agile teams and knowledge of Agile principles and practices.Strong analytical skills to assess risks and vulnerabilities in complex systems.Strong leadership, communication, and interpersonal skills.Collaborative and effective in cross-functional team environments.Preferred QualificationsProfessional certifications such as CISSP, CSSLP, or CEH.Proficiency in scripting and automation for security testing.Experience with AWS and Google Cloud services.Experience utilizing the Scaled Agile Framework (SAFe).Experience in securing Artificial Intelligence, Machine Learning, etc., and maintaining the integrity of those powered solutions.Remote Work
The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identity, genetic information, disability status, or any other protected characteristic.
#J-18808-Ljbffr
As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL) is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners, and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities, and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation.PPL is seeking a highly skilled Application Security Lead Engineer to join our Cybersecurity organization. In this role, you will work closely with our Product Cybersecurity Manager to ensure the security and integrity of our applications and software products. You will provide expert guidance, conduct security assessments, and help shape the security posture of our products. If you are passionate about application security and have a deep understanding of modern software development practices, this position is ideal for you.Responsibilities
Conduct security assessments of applications, including vulnerability scanning, penetration testing, and fuzzing.Complete static and dynamic application security testing to identify vulnerabilities and weaknesses.Participate in code reviews to identify potential vulnerabilities, weaknesses, defects, etc.Complete Threat Modeling assessments, analyze impact, and develop mitigation strategies.Perform review and testing around Application Programming Interface security.Assist relevant parties on identified gaps based on analysis and execute strategies to mitigate/address the risk.Integrate security into the software development pipeline using secure software development lifecycle processes.Create and/or improve Data Flow Mapping and System Interface Tracking in conjunction with the Product Development and Enterprise Architecture teams.Collaborate with business and technical owners, while engaging relevant SMEs, to establish compliance standards and trackable metrics.Maintain knowledge and stay up to date on developing security technologies and integrate new technologies into architecture designs, where applicable.All other duties and projects as assigned.Qualifications
EducationBachelor’s degree in Computer Science, Information Security, and/or a related field or an equivalent level of work-related experience.ExperienceA minimum of 7+ years of experience in cybersecurity with a focus on software development, secure by design principles, and/or security architecture.Proficiency in conducting security testing, including vulnerability scanning, and static and dynamic code analysis.Expertise in system hardening, including vulnerability assessment, penetration testing, and configuration management.Expertise in designing secure architectures using established frameworks.Experience in application security tools and IDE Plug-in environments, including HP Fortify.Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25.Experience in the use of threat modeling tools, and understanding of frameworks such as STRIDE and PASTA.Cloud Technology Expertise: Demonstrate a working knowledge of various enterprise technology stacks used to build applications in the cloud.Cloud Platform Experience: Possess working knowledge and practical experience in security testing within cloud platforms, particularly Azure.Experience in Cloud Native Security practices and technologies including Container security, Serverless security, Kubernetes security, and Threat detection.Experience in utilizing Cloud Native Security Tools and Platforms such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and Cloud Access Security Brokers (CASB).Knowledge of federal compliance standards, including NIST 800-53 and NIST CSF.Experience working in Agile teams and knowledge of Agile principles and practices.Strong analytical skills to assess risks and vulnerabilities in complex systems.Strong leadership, communication, and interpersonal skills.Collaborative and effective in cross-functional team environments.Preferred QualificationsProfessional certifications such as CISSP, CSSLP, or CEH.Proficiency in scripting and automation for security testing.Experience with AWS and Google Cloud services.Experience utilizing the Scaled Agile Framework (SAFe).Experience in securing Artificial Intelligence, Machine Learning, etc., and maintaining the integrity of those powered solutions.Remote Work
The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identity, genetic information, disability status, or any other protected characteristic.
#J-18808-Ljbffr