Logo
PPL

Lead Cloud Engineer

PPL, Allentown, Pennsylvania, United States, 18103


Company Summary Statement

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.

Overview

The Cybersecurity organization advances the overall state of security at PPL through critical initiatives and coordination of large security and customer-focused projects. The organization builds and procures technologies, tools, and processes to better enable teams at PPL to develop secure platforms and protect data and systems with appropriate security controls. IT Cybersecurity also develops systems to monitor and respond to attacks against our systems, provides educational awareness to the corporation on security best practices, and ensures data sharing relationships with third parties securely protect PPL information.

PPL is seeking a highly skilled Cloud Security Lead Engineer to join our Cybersecurity organization. In this role, you will work closely in our Cloud Engineering team to ensure the security and configuration of the PPL cloud infrastructure, including Microsoft services and Azure cloud environment. You will have direct responsibility for the usage and monitoring of the cyber technology within the cloud environment such as cloud security posture management and vulnerability scanning tools. If you are passionate about cloud security and have a deep understanding of Microsoft Azure, M365, and other cloud infrastructure environments, this position is ideal for you.

#LI-Hybrid

Responsibilities

Identifyvulnerabilities within Cloud applications and underlying code usingstatic analysis tools.

Develop and enforce Cloud Access Security Broker (CASB) policies and procedures.

Manage the mobile device and mobile application solution to ensure devices are managed, data is protected, and security policies are enforced.

Configure and manage conditional access policies to control access to cloud resources based on user identity, device, and location.

Manage Azure Active Directory identity and access management (IAM) solutions.

Implement and manage security controls for Office 365.

Utilize tooling to routinely monitor and analyze the cloud environment for security threats and vulnerabilities.

Assist relevant parties on identified gaps based on analysis and execute strategies to mitigate/address the risk.

Collaborate with cross-functional teams to integrate security controls and processes into cloud infrastructure and applications.

Assess and recommend security tools, technologies, and services that enhance cloud security posture.

Identify and apply strategies to optimize resource utilization and minimize cost.

All other duties and projects as assigned.

Qualifications

Education

Bachelor’s degree in Computer Science, Information Security, and/or a related field or an equivalent level of work related experience

Experience

A minimum of 7+ years of direct cybersecurity cloud experience in the configuration and support ofcloud applications and infrastructure

Experience in the configuration and support of Microsoft 365 services including:

Microsoft Endpoint Manager – Intune and Configuration Manager

Microsoft Defender for Cloud

Conditional Access

Microsoft Identity and Access - Microsoft 365 Active Directory/Entra and ADFS.

Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.

Demonstrated knowledge of Azure architecture and core services such as Virtual Machines, Group Policy, MFA, Azure Active Directory, Management Groups, Resource Groups, Azure Regions, Azure Functions, Azure Networking, Azure IPsec Connections, Network Security Groups, Azure VDI, and Firewalls.

Experience with DevOps methodologies and tools

Experience in Cloud Native Security practices and technologies including Container security, Serverless security, Kubernetes security and Threat detection.

Experience in utilizing Cloud Native Security Tools and Platforms such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and CASB.

Scripting and Programming: skills in scripting languages like PowerShell or Azure CLI for automation.

Knowledge of Azure security tools and features like Azure Active Directory, Network Security Groups, and Azure Key Vault.

Experience working in Agile teams and have knowledge of Agile principles and practices.

Experience in Security and/or Regulatory Frameworks such as NIST, Azure Security Center, CIS Benchmarks, SOX, NERC CIP, etc.

Strong leadership, communication, and interpersonal skills.

Collaborative and effective in cross-functional team environments.

Strong analytical skills to assess risks and vulnerabilities in complex systems.

Preferred Qualifications

Knowledge of programming languages like Python, .NET, or Java.

Experience with AWS and Google Cloud services

Experience with building CI/CD pipelines to support application and infrastructure deployments.

Understanding of data analytics and machine learning concepts

Cloud Technology Expertise: demonstrate a working knowledge of various enterprise technology stacks used to build services in the cloud.

Cloud Platform Experience: possess working knowledge and practical experience in security testing within cloud platforms, particularly Azure.

Experience utilizing the Scaled Agile Framework (SAFe)

Proficiency in scripting and automation for security testing.

Knowledge of Azure configuration best practices.

Relevant Cybersecurity certifications (e.g. CISSP, CISM, CISA, CCSP)

Relevant Microsoft Certifications (e.g. Azure Administration Associate, Azure Security Engineer Associate, Azure Network Engineer Associate)

Education

Bachelor’s degree in Computer Science, Information Security, and/or a related field or an equivalent level of work related experience

Experience

A minimum of 7+ years of direct cybersecurity cloud experience in the configuration and support ofcloud applications and infrastructure

Experience in the configuration and support of Microsoft 365 services including:

Microsoft Endpoint Manager – Intune and Configuration Manager

Microsoft Defender for Cloud

Conditional Access

Microsoft Identity and Access - Microsoft 365 Active Directory/Entra and ADFS.

Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.

Demonstrated knowledge of Azure architecture and core services such as Virtual Machines, Group Policy, MFA, Azure Active Directory, Management Groups, Resource Groups, Azure Regions, Azure Functions, Azure Networking, Azure IPsec Connections, Network Security Groups, Azure VDI, and Firewalls.

Experience with DevOps methodologies and tools

Experience in Cloud Native Security practices and technologies including Container security, Serverless security, Kubernetes security and Threat detection.

Experience in utilizing Cloud Native Security Tools and Platforms such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and CASB.

Scripting and Programming: skills in scripting languages like PowerShell or Azure CLI for automation.

Knowledge of Azure security tools and features like Azure Active Directory, Network Security Groups, and Azure Key Vault.

Experience working in Agile teams and have knowledge of Agile principles and practices.

Experience in Security and/or Regulatory Frameworks such as NIST, Azure Security Center, CIS Benchmarks, SOX, NERC CIP, etc.

Strong leadership, communication, and interpersonal skills.

Collaborative and effective in cross-functional team environments.

Strong analytical skills to assess risks and vulnerabilities in complex systems.

Preferred Qualifications

Knowledge of programming languages like Python, .NET, or Java.

Experience with AWS and Google Cloud services

Experience with building CI/CD pipelines to support application and infrastructure deployments.

Understanding of data analytics and machine learning concepts

Cloud Technology Expertise: demonstrate a working knowledge of various enterprise technology stacks used to build services in the cloud.

Cloud Platform Experience: possess working knowledge and practical experience in security testing within cloud platforms, particularly Azure.

Experience utilizing the Scaled Agile Framework (SAFe)

Proficiency in scripting and automation for security testing.

Knowledge of Azure configuration best practices.

Relevant Cybersecurity certifications (e.g. CISSP, CISM, CISA, CCSP)

Relevant Microsoft Certifications (e.g. Azure Administration Associate, Azure Security Engineer Associate, Azure Network Engineer Associate)

Identifyvulnerabilities within Cloud applications and underlying code usingstatic analysis tools.

Develop and enforce Cloud Access Security Broker (CASB) policies and procedures.

Manage the mobile device and mobile application solution to ensure devices are managed, data is protected, and security policies are enforced.

Configure and manage conditional access policies to control access to cloud resources based on user identity, device, and location.

Manage Azure Active Directory identity and access management (IAM) solutions.

Implement and manage security controls for Office 365.

Utilize tooling to routinely monitor and analyze the cloud environment for security threats and vulnerabilities.

Assist relevant parties on identified gaps based on analysis and execute strategies to mitigate/address the risk.

Collaborate with cross-functional teams to integrate security controls and processes into cloud infrastructure and applications.

Assess and recommend security tools, technologies, and services that enhance cloud security posture.

Identify and apply strategies to optimize resource utilization and minimize cost.

All other duties and projects as assigned.

Remote Work

The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

Equal Employment Opportunity

Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.