PPL - Allentown, PA

posted about 2 months ago

Full-time - Senior
Remote - Allentown, PA
1,001-5,000 employees
Utilities

About the position

The Application Security Principal at PPL Corporation plays a crucial role in enhancing the security posture of the company's applications and software products. This position involves collaborating with various teams to design secure application architectures, conducting security assessments, and providing expert guidance on security best practices. The role is pivotal in ensuring that PPL's applications are developed and maintained with a focus on security, thereby protecting sensitive data and systems from potential threats.

Responsibilities

  • Design and implement secure application architecture in coordination with Enterprise Architecture and Product Development teams.
  • Develop and expand threat modeling governance frameworks, including policy/procedure creation and risk assessments.
  • Establish and maintain security requirements and best practices for application development and deployment.
  • Analyze security needs and software requirements to assess feasibility within time and cost constraints.
  • Conduct risk assessments for applications to identify potential vulnerabilities and threats.
  • Oversee and coordinate security testing activities, including static code analysis, dynamic application security testing, penetration testing, and code reviews.
  • Develop a security risk management plan and execute strategies to mitigate identified risks in collaboration with Product Development teams.
  • Evaluate, implement, and manage security tools and technologies to enhance application security.
  • Educate development teams on established security requirements and best practices.
  • Collaborate with business and technical owners to establish compliance standards and trackable metrics.
  • Stay updated on developing security technologies and integrate new technologies into architecture designs.
  • Provide guidance and support in the development of junior staff members.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.
  • 10+ years of experience in cybersecurity with a focus on software development and security architecture.
  • Proficiency in conducting security testing, including vulnerability scanning and static/dynamic code analysis.
  • Expertise in system hardening, vulnerability assessment, penetration testing, and configuration management.
  • Experience in designing secure architectures using established frameworks.
  • Familiarity with application security tools and IDE Plug-in environments, including HP Fortify.
  • Knowledge of securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
  • Experience with threat modeling tools and understanding of frameworks such as STRIDE and PASTA.
  • Working knowledge of cloud technology stacks and security aspects unique to cloud-based applications.
  • Practical experience in security testing within cloud platforms, particularly Azure.
  • Experience in Cloud Native Security practices and technologies, including Container security and Threat detection.
  • Knowledge of federal compliance standards, including NIST 800-53 and NIST CSF.

Nice-to-haves

  • Professional certifications such as CISSP, CSSLP, or CEH.
  • Proficiency in scripting and automation for security testing.
  • Experience with AWS and Google Cloud services.
  • Experience utilizing the Scaled Agile Framework (SAFe).
  • Experience in securing Artificial Intelligence and Machine Learning solutions.

Benefits

  • Health insurance coverage
  • 401k retirement savings plan
  • Paid holidays
  • Flexible scheduling options
  • Professional development opportunities
  • Employee discount programs
© 2024 Teal Labs, Inc