Indianapolis IN, USA
1 day ago
Cyber Intelligence Analyst

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is $63,750 - $145,200.

Do you like to be in the heart of the action, on the front lines of cybersecurity defense, creating a defense system to thwart cyber-attacks?  Join us as we do this daily to protect our patients, employees, and shareholders.

The Global Cyber Defense Operations (GCDO) team is dedicated to active defense through analysis, innovation, and collaboration. Our mission focuses on unifying detection, analysis, and response strategies to safeguard Lilly's ability to develop life-changing medicines.

The threat of cybersecurity attacks has never been greater, and the GCDO’s mission has never been more important.

What You Will Be Doing:

The Cyber Intelligence Analyst will operate in a functional group focusing on any of the following: Attack Surface Management, Cyber Threat Intelligence, Detection and Automation Operations, Cyber Defense Readiness, External Threat Response, and Insider Threat Response.

Analysts typically begin with an assignment in the External Threat Response (ETR) function; however, you may be assigned to any of the core GCDO functions (Attack Surface Management, Cyber Threat Intelligence, Cyber Defense Readiness, Detection and Analysis Operations, Internal Threat Response) based on skills, development needs, and specific needs of the team.

The functions of the GCDO are as follows:

- External Threat Response (ETR): Responsible for the monitoring, detection, analysis, investigation, and response to cybersecurity related events and incidents.
- Attack Surface Management (ASM): Responsible for reducing the overall attack surface of the Enterprise, including the identification, analysis, and remediation of vulnerabilities.
- Cyber Threat Intelligence (CTI): Leading efforts across the organization to consume, contribute, and produce threat intelligence, both internal and external to Lilly. Maintain, develop, and evangelize to partner functions an understanding of threats, attack campaigns and intrusion sets targeting Lilly.
- Cyber Defense Readiness (CDR): Responsible for the integration of key initiatives between the GCDO and the rest of Cybersecurity and other business partners.
- Detection and Analysis Operations (DAO): Responsible for general SecOps and DevOps of GCDO owned capability to empower the organization. Establishing the platform and services to enable the effective detection and monitoring of security events, as well as providing a means to analyze and improve detections.
- Internal Threat Response (ITR): Responsible for the monitoring, analysis, and investigation of cybersecurity related events and incidents, with a focus on the internal workforce.

How You Will Succeed:

Through the effective performance of the following responsibilities:

- Supporting: Assisting in various cybersecurity and other work as assigned.
- Analyzing: Examining cyber threats and incidents.
- Developing: Creating capability to enable each core function.
- Documenting: Thorough documentation of your analysis.
- Detecting: Identifying potential security issues.
- Prioritizing: Ranking threats based on severity.
- Responding: Taking action to mitigate threats.
- Recommending Strategic Changes: Drive security improvements that will increase our ability to defend the Enterprise.
- Provide rotational on-call availability for cybersecurity incidents raised outside of normal business working hours.

What You Should Bring:

- Experience with monitoring system operations and reacting to events in response to triggers and/or observation of trends or unusual activity.
- Demonstrated skills in:
  - Use of endpoint security tools to collect information for digital forensics and incident response efforts.
  - Use of strong investigatory principles to surface and pivot on information and insights that are material to a cyber investigation.
  - Auditing firewalls, perimeters, routers, and intrusion detection systems.
  - Relevant programming and query languages (e.g., PowerShell, bash, FQL, KQL, SPL, C++, Python, etc.).
  - Reverse engineering (e.g., software debugging, de-compilation of code, binary literacy, Windows OS internals) to identify function and capability of malicious code.
- General knowledge of:
  - Risk management processes (e.g., methods for assessing and mitigating risk).
  - Current software and methodologies for active defense and system hardening.
  - Netflow and raw network traffic data; foundational networking protocols such as IP, TCP, UDP, DNS, and HTTP.
  - Malware – static and dynamic analysis techniques, detection methodologies and analysis techniques.
  - Cloud technologies, cloud service models, resource pooling, authentication, and logging capabilities associated with major service providers.
  - Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Certifications addressing new attack vectors (emphasis on cloud computing technology, mobile platforms, and tablet computers), new vulnerabilities, existing threats to operating environments, managing, maintaining, troubleshooting, installing, configuring basic network infrastructure.

Basic Qualifications:

- Education: HS Diploma or equivalent with 5+ years of demonstrated experience in network operations or engineering and/or system administration, troubleshooting, or similar Information Technology related experience

  OR

  Bachelor’s Degree in Computer Science/Information Technology/Cybersecurity or related with 3+ years of Cybersecurity experience
- Demonstrated experience and excellence in documentation skills
- Experience working on Enterprise level cybersecurity detection and analysis
- Ability to communicate complex technical issues to non-technical personnel
- Qualified candidates must be legally authorized to be employed in the United States.

Additional Information:

- Hybrid position - located in Indianapolis, IN (relocation required)
- Some travel may be required

Organization Overview:

Lilly IT builds and maintains capabilities using cutting edge technologies like most prominent tech companies. What differentiates Lilly IT is that we redefine what’s possible through tech to advance our purpose – creating medicines that make life better for people around the world, like data driven drug discovery and connected clinical trials. We hire the best technology professionals from a variety of backgrounds, so they can bring an assortment of knowledge, skills, and diverse thinking to deliver innovative solutions in every area of our business.

Lilly’s Cybersecurity organization drives innovative, data-driven, and risk-based solutions that help enable and protect Lilly. From medicines discovery to manufacturing and delivery to patients, we solve some of the world’s most challenging problems through our threat hunting, attack surface reduction and risk management practices.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities). Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly
