PPL - Allentown, PA
posted about 2 months ago
Full-time - Senior
Remote - Allentown, PA
Utilities
About the position
The Cloud Security Principal Architect at PPL Corporation will play a critical role in advancing the organization's cybersecurity initiatives, particularly in the cloud environment. This position involves collaborating with the Cloud Engineering team to ensure the security and configuration of PPL's cloud infrastructure, including Microsoft Azure and M365 services. The role encompasses developing a comprehensive cloud security strategy, conducting security assessments, and providing expert guidance on secure cloud architecture, all while fostering a culture of security awareness across the organization.
Responsibilities
- Develop and implement a comprehensive cloud security strategy that aligns with the organization's overall security objectives.
- Design and document secure cloud architectures that meet the organization's functional and security requirements.
- Design and/or evaluate current cloud infrastructure and incorporate security principles into all stages of the System Development Lifecycle.
- Utilize Infrastructure as Code (IaC) solutions to enhance efficiency and control of processes.
- Ensure user access and privileged account management to cloud resources is aligned to industry best practices and frameworks.
- Responsible for the governance of Cloud Security policies, procedures, and standards.
- Perform security reviews of cloud architecture, infrastructure, and applications, identify gaps, develop a security risk management plan, and execute strategies to mitigate/address identified risk.
- Collaborate with cross-functional teams to integrate security controls and processes into cloud infrastructure and applications.
- Assess and recommend security tools, technologies, and services that enhance cloud security posture.
- Serve as a Subject Matter Expert on Cloud Security related topics, best practices, emerging technologies and the evolving threat landscape.
- Identify and apply strategies to optimize resource utilization and minimize cost.
- Provide guidance, coaching, and support in the development of junior staff members.
- All other duties and projects as assigned.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field or equivalent work experience.
- A minimum of 10+ years of direct cybersecurity cloud experience in the configuration and support of cloud applications and infrastructure.
- Experience in the configuration and support of Microsoft 365 services including Microsoft Endpoint Manager, Microsoft Defender for Cloud, Conditional Access, and Microsoft Identity and Access.
- Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, IaC, etc.
- Demonstrated knowledge of Azure architecture and core services such as Virtual Machines, Azure Active Directory, and Azure Networking.
- Experience with DevOps methodologies and tools.
- Scripting skills in languages like PowerShell or Azure CLI for automation.
- Knowledge of network architectures, including VNETs, subnets, and VPNs, along with Azure security tools.
- Experience in Cloud Native Security practices and technologies including Container security and Threat detection.
- Experience in utilizing Cloud Native Security Tools and Platforms such as CSPM and CWPP.
- Experience in Security and/or Regulatory Frameworks such as NIST and CIS Benchmarks.
- Experience working in Agile teams and knowledge of Agile principles.
Nice-to-haves
- Knowledge of programming languages like Python, .NET, or Java.
- Experience with AWS and Google Cloud services.
- Experience with building CI/CD pipelines to support application and infrastructure deployments.
- Understanding of data analytics and machine learning concepts.
- Proficiency in scripting and automation for security testing.
- Knowledge of Azure configuration best practices.
- Experience utilizing the Scaled Agile Framework (SAFe).
- Relevant cybersecurity certifications (e.g. CISSP, CISM, CISA, CCSP).
- Relevant Microsoft Certifications (e.g. Azure Administration Associate, Azure Security Engineer Associate).
