What You Will Be Doing
The Cyber Intelligence Analyst will operate in a functional group focusing on any of the following: Attack Surface Management, Cyber Threat Intelligence, Detection and Automation Operations, Cyber Defense Readiness, External Threat Response, and Insider Threat Response.
Analysts typically begin with an assignment in the External Threat Response (ETR) function; however, you may be assigned to any of the core GCDO functions based on skills, development needs, and specific needs of the team.
The Functions Of The GCDO Are As Follows
External Threat Response (ETR): Responsible for the monitoring, detection, analysis, investigation, and response to cybersecurity related events and incidents.
Attack Surface Management (ASM): Responsible for reducing the overall attack surface of the Enterprise, including the identification, analysis, and remediation of vulnerabilities.
Cyber Threat Intelligence (CTI): Leading efforts across the organization to consume, contribute, and produce threat intelligence, both internal and external to Lilly. Maintain, develop, and evangelize to partner functions an understanding of threats, attack campaigns and intrusion sets targeting Lilly.
Cyber Defense Readiness (CDR): Responsible for the integration of key initiatives between the GCDO and the rest of Cybersecurity and other business partners.
Detection and Analysis Operations (DAO): Responsible for general SecOps and DevOps of GCDO owned capability to empower the organization. Establishing the platform and services to enable the effective detection and monitoring of security events, as well as providing a means to analyze and improve detections.
Internal Threat Response (ITR): Responsible for the monitoring, analysis, and investigation of cybersecurity related events and incidents, with a focus on the internal workforce.
How You Will Succeed
Supporting: Assisting in various cybersecurity and other work as assigned.
Analyzing: Examining cyber threats and incidents.
Developing: Creating capability to enable each core function.
Documenting: Thorough documentation of your analysis.
Detecting: Identifying potential security issues.
Prioritizing: Ranking threats based on severity.
Responding: Taking action to mitigate threats.
Recommending Strategic Changes: Drive security improvements that will increase our ability to defend the Enterprise.
Providing rotational on‑call availability for cybersecurity incidents raised outside of normal business working hours, including weekend and public holiday coverage, with an allowance and hourly premiums for hours worked.
What You Should Bring
Experience with monitoring system operations and reacting to events in response to triggers and/or observation of trends or unusual activity.
Ability to communicate complex technical issues to non‑technical personnel.
Demonstrated skills in:
Use of endpoint security tools to collect information for digital forensics and incident response efforts.
Use of strong investigatory principles to surface and pivot on information and insights that are material to a cyber investigation.
Auditing firewalls, perimeters, routers, and intrusion detection systems.
Relevant programming and query languages (e.g., PowerShell, bash, FQL, KQL, SPL, C++, Python).
Reverse engineering (e.g., software debugging, de‑compilation of code, binary literacy, Windows OS internals) to identify function and capability of malicious code.
General knowledge of:
Risk management processes (e.g., methods for assessing and mitigating risk).
Current software and methodologies for active defense and system hardening.
Netflow and raw network traffic data; foundational networking protocols such as IP, TCP, UDP, DNS, and HTTP.
Malware – static and dynamic analysis techniques, detection methodologies, and analysis techniques.
Cloud technologies, cloud service models, resource pooling, authentication, and logging capabilities associated with major service providers.
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Certifications addressing new attack vectors (emphasis on cloud computing technology, mobile platforms, and tablet computers), new vulnerabilities, existing threats to operating environments, and managing, maintaining, troubleshooting, installing, configuring basic network infrastructure.
Basic Qualifications
Education:
2+ years of demonstrated experience in network operations or engineering and/or system administration, troubleshooting, or similar Information Technology related experience –OR–
Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or related field, with demonstrated experience and excellence in documentation skills.
Experience working on enterprise‑level cybersecurity detection and analysis.
Additional Information
Some travel may be required.
Lilly is dedicated to helping individuals with disabilities actively engage in the workforce. If you require accommodation to submit a resume for this position, please complete the accommodation request form available on our careers site.
Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
#J-18808-Ljbffr