Threat Mitigation Lead - Network and Systems Attack Surface

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Lilly Cyber is looking for an experienced Cyber Threat Mitigation Lead with a strong focus on Infrastructure Security as well as cyber technology control solutions (ex. EDR, SIEM, Firewalls). This role is designed for someone who excels at working with cross-functional teams to drive down security risks and threats in Lilly’s network and infrastructure. This lead will partner closely with cyber leadership to understand risk and prioritize efforts. The candidate will address challenging complex issues; therefore, creative problem-solving is essential.

As a Threat Mitigation Lead, you will be responsible for working with internal cyber teams, enterprise network and infrastructure teams, and other stakeholders to reduce the impact of identified threats. You will be a key player in the implementation of mitigation strategies from prioritization to execution and lessons learned that will drive improved network and infrastructure security posture.

What You Will Do:

Threat Mitigation

• Lead Network and Infrastructure Security Threat Mitigation efforts to reduce security threats across network and infrastructure environments.

• Aid in developing solutions that bring risks within acceptable levels.

• Collaborate with network and systems engineering and cyber teams to achieve threat mitigation objectives.

• Partner with network security experts and cyber leadership to prioritize identified security threats.

•    Provide guidance and raise awareness on mitigation activities that require monitoring to account for changing threat landscapes and any residual risk.

Drive Secure Network and Infrastructure

• Partner with Network and Infrastructure teams to promote the implementation of best practices and vulnerability remediation.

• Drive implementation of practical mitigation actions, balancing security and business objectives.

Strategy Execution

• Act as a key player in the creation and execution of threat mitigation strategies for vulnerabilities, configuration enhancements, and security tool enablement.

• Ensure identified vulnerabilities and risks are effectively tracked and managed through their lifecycle, from detection to remediation.

• Develop and refine strategies that help teams respond to evolving threats, reducing their risk to production systems.

Cross-functional Collaboration

• Contribute to alignment and collaboration across infrastructure and security platform teams.

Continuous Improvement of Security Practices

• Work with cyber leadership and network and infrastructure teams to continuously improve threat mitigation and security integration processes.

• Recommend and drive improvements in network and infrastructure security practices and collaborate with teams to implement them.

• Encourage and maintain a security-aware culture among network and infrastructure teams to make security an inherent part of their workflows.

• Support effort to improve metrics and reporting

• Participate in providing regular updates to cyber leadership on progress made toward reducing security risks and the overall security posture of network and infrastructure.

• Ensure visibility into ongoing efforts to mitigate threats, escalating key issues as needed.

Your Basic Qualifications:

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent work experience).

• 5+ years of experience in network and infrastructure security, cybersecurity, or related fields.

• Deep understanding of network platforms and network-native security tools and services (EDR, SIEM, Firewalls, IDS/IPS).

• Proven experience with vulnerability management in network and infrastructure environments.

• Strong knowledge of network security best practices and frameworks (e.g., CIS, NIST, SOC 2, ISO 27001).

• Hands-on experience with security technologies such as firewalls, encryption, SIEM, and DLP (Data Loss Prevention)

What You Should Bring:

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Network Security Professional (CNSP), or equivalent.

• Excellent leadership and team management skills with the ability to drive security initiatives across departments.

• Strong problem-solving and analytical skills, with a keen eye for detail and risk management

• Experience with security automation and network security orchestration.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly