Cyber Regional Lead for Insider Threat
US: USA Remote, United States
Full Time Senior-level / Expert USD 135K - 213K
Eli Lilly and Company
Lilly is a medicine company turning science into healing to make life better for people around the world. At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
Do you like to be in the heart of the action, on the front lines of cybersecurity defense, creating a defense system to thwart cyber-attacks? Join us as we do this daily to protect our patients, employees, and shareholders.
The Global Cyber Defense Operations (GCDO) team is dedicated to active defense through analysis, innovation, and collaboration. Our mission focuses on unifying detection, analysis, and response strategies to safeguard Lilly's ability to develop life-changing medicines.
The threat of cybersecurity attacks has never been greater, and the GCDO’s mission has never been more important.
What You Will Be Doing:
The Cyber Regional Lead for Insider Threat will operate in a functional group focusing on Insider Threat Response. It is important to note that GCDO operates as a holistic team, and the lead may, as needed, operate in any of the following functional areas: Attack Surface Management, Cyber Threat Intelligence, Detection and Automation Operations, Cyber Defense Readiness, External Threat Response, and Insider Threat Response.
Leads typically begin with an assignment in the External Threat Response (ETR) function; however, you may be assigned to any of the core GCDO functions (Attack Surface Management, Cyber Threat Intelligence, Cyber Defense Readiness, Detection and Analysis Operations, Internal Threat Response) based on skills, development needs, and specific needs of the team.
The functions of the GCDO are as follows:
External Threat Response (ETR): Responsible for the monitoring, detection, analysis, investigation, and response to cybersecurity related events and incidents.
Attack Surface Management (ASM): Responsible for reducing the overall attack surface of the Enterprise, including the identification, analysis, and remediation of vulnerabilities.
Cyber Threat Intelligence (CTI): Leading efforts across the organization to consume, contribute, and produce threat intelligence, both internal and external to Lilly. Maintaining, developing, and evangelizing to partner functions an understanding of threats, attack campaigns, and intrusion sets targeting Lilly.
Cyber Defense Readiness (CDR): Responsible for the integration of key initiatives between the GCDO and the rest of Cybersecurity and other business partners.
Detection and Analysis Operations (DAO): Responsible for general SecOps and DevOps of GCDO-owned capability to empower the organization. Establishing the platform and services to enable the effective detection and monitoring of security events, as well as providing a means to analyze and improve detections.
Internal Threat Response (ITR): Responsible for the monitoring, analysis, and investigation of cybersecurity related events and incidents, with a focus on the internal workforce.
How You Will Succeed:
Through the effective performance of the following responsibilities:
Supporting: Assisting in various cybersecurity and other work as assigned.
Analyzing: Examining cyber threats and incidents.
Developing: Creating capability to enable each core function.
Documenting: Thorough documentation of your analysis.
Detecting: Identifying potential security issues.
Prioritizing: Ranking threats based on severity.
Responding: Taking action to mitigate threats.
Recommending Strategic Changes: Drive security improvements that will increase our ability to defend the Enterprise.
Provide rotational on-call availability for cybersecurity incidents raised outside of normal business working hours.
What You Should Bring:
Experience with monitoring system operations and reacting to events in response to triggers and/or observation of trends or unusual activity.
Demonstrated skills in:
Use of endpoint security tools to collect information for digital forensics and incident response efforts.
Use of strong investigatory principles to surface and pivot on information and insights that are material to a cyber investigation.
Auditing firewalls, perimeters, routers, and intrusion detection systems.
Relevant programming and query languages (e.g., PowerShell, bash, FQL, KQL, SPL, C++, Python, etc.).
Reverse engineering (e.g., software debugging, de-compilation of code, binary literacy, Windows OS internals) to identify function and capability of malicious code.
General knowledge of:
Risk management processes (e.g., methods for assessing and mitigating risk).
Current software and methodologies for active defense and system hardening.
Current software and methodologies for active defense of data.
Netflow and raw network traffic data; foundational networking protocols such as IP, TCP, UDP, DNS, and HTTP.
Malware – static and dynamic analysis techniques, detection methodologies and analysis techniques.
Cloud technologies, cloud service models, resource pooling, authentication, and logging capabilities associated with major service providers.
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Ability to communicate complex technical issues to non-technical personnel.
Your Basic Qualifications:
Education:
HS Diploma/GED with 5+ years of demonstrated experience in network operations or engineering and/or system administration, troubleshooting, or similar Information Technology related experience
OR
Bachelor’s Degree in Computer Science/Information Technology/Cybersecurity or related with 3+ years of Cybersecurity experience
Demonstrated experience and excellence in documentation skills
Experience working on Enterprise level cybersecurity detection and analysis
Qualified candidates must be legally authorized to be employed in the United States.
Additional Information:
Remote position or Hybrid if located in Indianapolis, IN
Some travel may be required
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.
Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is $135,000 - $213,400.
Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities). Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion, and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.
#WeAreLilly
Tags: ASM Audits Automation Bash C Cloud Computer Science Cyber defense DevOps DFIR DNS Endpoint security Firewalls Forensics Incident response Intrusion detection Malware Monitoring NetOps PowerShell Privacy Python Reverse engineering Risk management SecOps Threat intelligence Vulnerabilities Windows
Perks/benefits: Career development Flex hours Flex vacation Health care Insurance Medical leave Salary bonus Team events