PPL Corporation Associate IT Security Analyst in Allentown, Pennsylvania



Associate IT Security Analyst

Primary Responsibilities:

• Proactively understand the customer's business needs and apply sound information assurance processes. Ensure business targets are achieved through secure and reliable use of appropriate technology.

• Proactively protect the integrity, confidentiality and availability of information that is in the custody of or processed by the corporation.

• Respond in a timely manner to loss or misuse of information assets. As part of security team, serves as secondary 24x7 on call security response on rotational basis (typically one week at a time) per security alert notifications, and as part of departmental crisis process, developing into primary on-call duties.

• Coordinates, documents and reports on internal investigations of possible security violations or information security misuse or compliance reviews as requested and approved by HR, Auditors, OGC, and/or regulatory or law enforcement bodies.

• Communicate unresolved security exposures, misuse, or noncompliance situations to management.

• Encourages the team to move forward by taking risks and experimenting with new ideas and concepts. Act as an advocate for internal customers and manage vendor relationships.

• Creates a cooperative environment that encourages information exchange. Use oral and written communications that presents difficult or complex ideas in a clear, concise, organized and persuasive manner and able to identify the underlying business issue, impact and benefit.

• Provide consultation and coordination to Business Unit and IT Management as required to ensure resource owner responsibilities are understood and accepted, selection and use of realistic enforcement mechanisms that appropriately balance security and business functions, understanding of, and development of appropriate response to security audit findings by internal and external auditing departments.

• Consult with other technical staff on security related updates to applications and technical environments.

• Mentors other technical staff members or co-operative associates across areas of Information Assurance. Stay abreast of emerging technology and architecture directions while focusing on advanced Information Assurance techniques, including pursuit and attainment of appropriate security certifications, advanced education, and/or clearances.

• Solve information assurance problems of varying complexity across multiple technology specialization areas. Consistently develops well thought out plans for highly complex or ambiguous issues. Provides maintenance, problem resolution and analysis of security exposures and opportunities on multiple platforms, including Windows, UNIX , Linux, Internet/Intranet, network firewalls and security tools like intrusion prevention systems, anti-malware software etc.

• Provides high level research on internal projects, recommending strategic directions and plans that address company-wide security issues. This includes projects related to Critical Infrastructure Protection (CIP) implementations, and involvement in operating such controls and providing evidence of compliance and audit participation.

• Develops and implements tests of computer systems to monitor effectiveness of security defenses

• Develop/enhance procedures for periodic review of system logs.

• Proactively and reactively review system logs and messages to identify and report on possible violations of security policy or breaches of security defenses.

• Develops, coordinates and implements disaster or continuity procedures for information systems, security controls supporting computer environment.

• Participates in special projects involving outside personnel or companies in security-related assignments.

• Directs and monitors the timely response to all user assistance and problem determination requests on security-related problems, such as through ticket queue management assignments (incidents, problems, requests).

• Provides technical analytical and security leadership for project development and implementation. Work closely with less skilled individuals to promote and exchange knowledge.

• Committed to continuous learning by striving to increase skills and knowledge required for the position. Sorts out personal strengths/weaknesses and seeks feedback for improvement.

• Provides needed perspective across organizational boundaries to ensure consistency in the application of security solutions in each area in a manner that is conducive to the achievement of departmental as well as corporate objectives.

Requisition ID:


Position Summary:

Role has responsibility for protecting the integrity, confidentiality and availability of information to a level that is commensurate with their value; and to reduce the risk of information loss by accidental or intentional modification, disclosure, or destruction through a defense in depth strategy. Individual technical and security expertise and experience is required, including project management and communication skills with working within a task team. Expected to develop relationships with technical and non-technical customers, co-workers, consultants and vendors while continuing to research and advance technical prowess. Information Security Analyst role has substantial knowledge in more than one area of enabling systems or security technologies. Provides maintenance, problem resolution and analysis of security exposures and opportunities on multiple platforms. Provides high level research on unusual or unique projects, recommending strategic direction and plans that address company-wide security issues based on security risk priorities. The scope of Information Assurance is in provision of cybersecurity and compliance service offerings (Cyber Security Risk Management, Compliance, Cybersecurity Monitoring and Protections, and Access & Identity Management), which may include but is not exclusive to technologies or processes associated with: Security Administration, Security Awareness, Security Policies - Standards - and Procedures, Intrusion Protection, Intrusion Detection, Data Backup & Recovery, Business Continuity & Disaster Recovery, Anti-malware and anti-spam/anti-phishing protections, Configuration and Change Management, and Inappropriate Use Monitoring & Investigation, and NERC CIP, SOX and FERC compliance controls.

Candidate Qualifications:

Candidates must meet the basic qualifications and pass all required tests or assessments to receive consideration. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility form upon hire.

Experience Level:

Entry Level

Recruiting Location:


Basic Qualifications:

  1. Bachelor's degree in information security, computer science, math, or business related field.

  2. Familiarity with security vulnerabilities / mitigation strategies highly desired and IT security concepts required.

  3. Experience in PC, client/server, Network and Internet/web-development, especially from a security perspective.

  4. Skills in effectively adapting to rapidly changing technology and ability to apply it to business needs and to merge multiple tools together to solve problems.

  5. Good analytical and problem solving background; ability to multitask and work on multiple small projects in a cross-functional environment.

  6. Familiarity with open systems architectures required

Equal Employment Opportunity:

Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.

Regular or Temporary:


Preferred Qualifications:

  1. Ideal candidate will have an engineering, information security, information systems or computer science degree. CISSP a plus.

Full-time or Part-time:


Corporate Summary:

As one of the largest investor-owned companies in the U.S. utility sector, PPL Corporation delivers on its promises to customers, investors, employees and the communities we serve. Our utilities – Western Power Distribution, Louisville Gas and Electric and Kentucky Utilities, and PPL Electric Utilities – provide an outstanding service experience for our customers, consistently ranking among the best in the United States and the United Kingdom. PPL has grown from a company with customers and facilities in one region of Pennsylvania to a diverse energy company with more than 10 million customers in the U.S. and the U.K. PPL provides energy for millions of customers while providing challenging and rewarding careers for thousands of employees around the U.S. and abroad. Follow PPL Corporation on social mediaTwitter: @PPLCorporation (https://twitter.com/PPLCorporation)LinkedIn (https://www.linkedin.com/company/ppl-corporation)Follow PPL Electric Utilities on social mediaTwitter: @PPLElectric (https://twitter.com/PPLElectric)Facebook (www.facebook.com/PPLElectric)