Cloud Security Principal Architect

Job description

Company Summary Statement

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve.

Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation.

PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid.

We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve.

PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.
Overview

**This is a hybrid position requiring on-site presence three days per week at one of our local offices, located in Allentown, PA (Lehigh Valley), Louisville, KY, or Providence, RI.** **LI-Hybrid #INDPPL**

PPL is seeking a highly skilled Cloud Security Architect to join our Cybersecurity organization.

In this role, you will work closely with our Cloud Engineering team to ensure the security and configuration of the PPL cloud infrastructure, including Azure, AWS, and other cloud service providers.

You will have direct responsibility for the usage and monitoring of cyber technology within the cloud environment as well as collaborating on the cloud security strategy.

You will provide expert guidance, conduct security assessments, and provide detailed design and implementation of secure cloud architecture.

If you are passionate about cloud security and have a deep understanding of modern cloud security concerns like secure configurations, container security, and cloud incident response, this position is ideal for you.

Responsibilities

**ESSENTIAL FUNCTIONS** :

+ Design and implement secure cloud architectures across AWS, Azure, and GCP.
+ Conduct regular security assessments and ensure compliance with frameworks (NIST, CIS).
+ Lead incident response for cloud environments and contribute to tabletop exercises.
+ Collaborate with developers and DevOps teams to ensure secure CICD and IAC best practices.
+ Ensure user access and privileged account management to cloud resources is aligned to industry best practices and frameworks.
+ Provide input to GRC teams on cloud security policies and IAM standards.
+ Perform security reviews of cloud architecture, infrastructure, and applications, identify gaps, develop a security risk management plan, and execute strategies to mitigate/address identified risk.
+ Manage CSPM and Container Security technologies.
+ Serve as a Subject Matter Expert on Cloud Security related topics, best practices, emerging technologies and the evolving threat landscape.
+ Identify and apply strategies to optimize resource utilization and minimize cost.
+ Provide guidance, coaching, and support in the development of junior staff members.
+ Performs other duties as assigned.
+ Complies with all policies and standards.

Qualifications

**REQUIRED EDUCATION** :

+ Bachelor's Degree in Computer Science, Information Security, and/or a related field or an equivalent combination of education and experience on a year for year basis.

**REQURIED EXPERIENCE** :

+ A minimum of 10+ years of direct cybersecurity cloud experience in the configuration and support of cloud applications and infrastructure.
+ Experience in the configuration and support of Microsoft 365 services including:
+ Microsoft Endpoint Manager – Intune and Configuration Manager
+ Microsoft Defender for Cloud
+ Microsoft Identity and Access - Microsoft 365 Active Directory/Entra and ADFS.
+ Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
+ Demonstrated knowledge of Azure architecture and core services such as Virtual Machines, Group Policy, MFA, Azure Active Directory, Management Groups, Resource Groups, Azure Regions, Azure Functions, Azure Networking, Azure IPsec Connections, Network Security Groups, Azure VDI, and Firewalls.
+ Experience with DevOps and building CI/CD pipelines to support application and infrastructure deployments.
+ Scripting and Programming: skills in scripting languages like PowerShell or Azure CLI for automation.
+ Knowledge of network architectures, including VNETs, subnets, VPNs, and ExpressRoute, along with an understanding of Azure security tools and features like Azure Active Directory, Network Security Groups, and Azure Key Vault.
+ Strong leadership, communication, and interpersonal skills.
+ Collaborative and effective in cross-functional team environments.
+ Strong analytical skills to assess risks and vulnerabilities in complex systems.

**PREFERRED QUALIFICATIONS** :

+ Knowledge of programming languages like Python, .NET, or Java.
+ Cloud Technology Expertise: demonstrate a working knowledge of various enterprise technology stacks used to build services in the cloud.
+ Cloud Platform Experience: possess working knowledge and practical experience in security testing within cloud platforms, particularly Azure.
+ Proficiency in scripting and automation for security testing.
+ Knowledge of Azure configuration best practices.
+ Certification such as:
+ M365 Security
+ Microsoft Azure Administration Associate AZ 104
+ Microsoft Azure Network Engineer Associate Engineer
+ Microsoft Azure Security Engineer Associate AZ 500

**REQUIRED EDUCATION** :

+ Bachelor's Degree in Computer Science, Information Security, and/or a related field or an equivalent combination of education and experience on a year for year basis.

**REQURIED EXPERIENCE** :

+ A minimum of 10+ years of direct cybersecurity cloud experience in the configuration and support of cloud applications and infrastructure.
+ Experience in the configuration and support of Microsoft 365 services including:
+ Microsoft Endpoint Manager – Intune and Configuration Manager
+ Microsoft Defender for Cloud
+ Microsoft Identity and Access - Microsoft 365 Active Directory/Entra and ADFS.
+ Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
+ Demonstrated knowledge of Azure architecture and core services such as Virtual Machines, Group Policy, MFA, Azure Active Directory, Management Groups, Resource Groups, Azure Regions, Azure Functions, Azure Networking, Azure IPsec Connections, Network Security Groups, Azure VDI, and Firewalls.
+ Experience with DevOps and building CI/CD pipelines to support application and infrastructure deployments.
+ Scripting and Programming: skills in scripting languages like PowerShell or Azure CLI for automation.
+ Knowledge of network architectures, including VNETs, subnets, VPNs, and ExpressRoute, along with an understanding of Azure security tools and features like Azure Active Directory, Network Security Groups, and Azure Key Vault.
+ Strong leadership, communication, and interpersonal skills.
+ Collaborative and effective in cross-functional team environments.
+ Strong analytical skills to assess risks and vulnerabilities in complex systems.

**PREFERRED QUALIFICATIONS** :

+ Knowledge of programming languages like Python, .NET, or Java.
+ Cloud Technology Expertise: demonstrate a working knowledge of various enterprise technology stacks used to build services in the cloud.
+ Cloud Platform Experience: possess working knowledge and practical experience in security testing within cloud platforms, particularly Azure.
+ Proficiency in scripting and automation for security testing.
+ Knowledge of Azure configuration best practices.
+ Certification such as:
+ M365 Security
+ Microsoft Azure Administration Associate AZ 104
+ Microsoft Azure Network Engineer Associate Engineer
+ Microsoft Azure Security Engineer Associate AZ 500

**ESSENTIAL FUNCTIONS** :

+ Design and implement secure cloud architectures across AWS, Azure, and GCP.
+ Conduct regular security assessments and ensure compliance with frameworks (NIST, CIS).
+ Lead incident response for cloud environments and contribute to tabletop exercises.
+ Collaborate with developers and DevOps teams to ensure secure CICD and IAC best practices.
+ Ensure user access and privileged account management to cloud resources is aligned to industry best practices and frameworks.
+ Provide input to GRC teams on cloud security policies and IAM standards.
+ Perform security reviews of cloud architecture, infrastructure, and applications, identify gaps, develop a security risk management plan, and execute strategies to mitigate/address identified risk.
+ Manage CSPM and Container Security technologies.
+ Serve as a Subject Matter Expert on Cloud Security related topics, best practices, emerging technologies and the evolving threat landscape.
+ Identify and apply strategies to optimize resource utilization and minimize cost.
+ Provide guidance, coaching, and support in the development of junior staff members.
+ Performs other duties as assigned.
+ Complies with all policies and standards.

Remote Work
The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both.

Assigned work location may change.

In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

Equal Employment Opportunity

Our company is an equal opportunity employer.

All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.

Required Skill Profession

Other General