USNLX Diversity Jobs

Lilly Global Lead Cyber Intelligence Analyst – Detection & Analysis Operations (DAO) in Remote, Indiana

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

What You'll Be Doing:

As the Global Lead, Detection & Analysis Operations (DAO), you will play a critical role in safeguarding Lilly against cyber threats, ensuring seamless integration with our Global Cyber Defense Operations (GCDO) organization. The successful candidate will lead and transform the DAO function within Lilly's GCDO organization. In this dual role, you will be expected to be a player/coach, exercising your analysis skills and leading the function that specializes in building and maintaining the capabilities that drive our ability to detect, analyze, and respond to cyber threats.

You will be responsible for developing innovative infrastructure/capability in support of the core GCDO services, such as incident response, threat intelligence, hunting, and insider threat.

All GCDO analysts are expected to support the various functions of our organization as required.

What You Should Bring:

DevOps: The candidate will develop innovative solutions to the challenges that uniquely face Lilly and work to drive the seamless integration of those solutions into operations using industry best practices.

  • Improve the quality of GCDO code and infrastructure

  • Develop new custom applications and integrations.

  • Troubleshoot and resolve issues in our production environment.

  • Stay up to date on the latest DevOps technologies and practices.

Collaboration: The candidate will inspire and motivate team members to achieve their full potential, assess their skills and capabilities, and foster a culture of continuous learning and development. Mentor and guide GCDO analysts in their growth and implementation of the above.

  • Build a framework that empowers GCDO analysts to quickly develop and deploy detections and enrichments.

Automation: The candidate who fills this position will be responsible for automating our deployment and infrastructure provisioning processes, improving our monitoring and alerting capabilities, and helping us to achieve continuous delivery of the tools of a sophisticated security incident response team. Some examples include:

  • The deployment of tools used by GCDO analysts by implementing CI/CD pipelines.

  • The provisioning and maintenance of GCDO infrastructure.

  • Improve our monitoring and alerting capabilities for our cloud-native applications.

Your Basic Requirements:

  • Bachelor’s degree in computer science/information technology

  • OR High School diploma with 14+ years of Cyber Security experience

  • 12+ years of operational Cyber Security related experience

  • Experience with operations and enhancements of Security Orchestration, Automation, and Response (SOAR) platforms

  • Experience with malware reverse engineering, threat intelligence analysis, detection development

Additional Preferences:

  • Exceptional troubleshooting and interpersonal skills with strong technical leadership. Must possess a willingness to rapidly learn new technologies, drive incident response efforts, and support root cause analysis.

  • Deep understanding of advanced cybersecurity concepts and analysis techniques relative to common operating systems, networks, applications, data, and web technologies.

  • Previous experience driving intelligence-driven defense in a global enterprise.

  • A research- and intelligence-driven approach toward cultivating unique insights for other analysts. An ability to recognize and map unique findings into actionable intelligence with an eye toward automation and capability development.

  • Understanding of both static and dynamic malware reverse engineering techniques. Familiarity with safe malware handling practices, techniques for analysis automation, and ability to analyze multiple executable file formats and scripting languages.

  • Command of multiple OS platforms such as Windows and Linux. A demonstrated ability to conduct detailed forensic analysis of each environment along with a familiarity of chain of custody and evidence handling procedures.

  • Past experience contributing to and implementing open source solutions such as Zeek, Suricata, and YARA for network monitoring and detection development.

  • An understanding of open source development using tools such as VSCode and Git. Track record of developing and maintaining open source projects a plus.

  • Proficiency with multiple programming languages such as Python, C++, C#, PowerShell, Linux command utilities, and at least one query language such as SQL.

  • Ability to follow and enforce code contribution guidelines and standards as well as superior documentation and technical writing ability.

  • Strong leadership skills to lead and manage a team, foster intelligent risk-taking, and demonstrate a global perspective.

  • Knowledge of fundamental security principles, common controls, and cyber defense techniques and the ability to communicate security principles and techniques at multiple levels

  • Agile for ever-changing business needs, architecture changes, vendor/supplier offerings and service changes.

  • Ability to demonstrate critical thinking when faced with limited options, while applying strong problem-solving skills to translate complex concepts into actionable remediation plans.

  • Ability to communicate low level technical findings to a broad audience pertaining to incident response, malware analysis, and digital forensics. Familiarity with teaching concepts to an audience of peers.

  • Demonstrated successful experience working in a global organization in a virtual capacity.

  • Strong sense of urgency and commitment, as well as sound business sense with a strategic, conceptual, and operational orientation.

  • Highly collaborative; personally and professionally self-aware; able to and interested in interacting with employees at all levels; embody integrity; and represent and inspire the highest ethical standards.

  • Careful listener with the confidence to make crisp and tough decisions about difficult issues; natural propensity to make others feel that their viewpoints and perspectives are adequately considered; great judge of talent and a superb role model for future leaders; ability to retain, develop and attract best-in-class talent from inside and outside the organization.

Additional information:

  • Remote option for non-local candidates.

  • Local candidates will be on a hybrid work model at the Lilly Corporate Center in Indianapolis.

  • Lilly currently anticipates that the base salary for this position could range from $133,500 to $211,200 and will depend, in part, on the successful candidate’s qualifications for the role, including education and experience. Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities). Of course, the compensation described above is subject to change and could be higher or lower than the range described above. Further, Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form ( https://careers.lilly.com/us/en/workplace-accommodation ) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.
