Posted: 15 June
The role
What You’ll Be Doing:
As a Cloud Security Engineer at Lilly on the Security Architecture and Engineering team, you will play a pivotal role in a dynamic environment. Your responsibilities include managing cloud security tools (CNAPP/CSPM), conducting security reviews of cloud accounts and projects, generating proactive guidance, reviewing and creating IaC/policy as code templates, and participating in cloud design discussions. You will also contribute to the development and implementation of cloud security controls, create integrations and automations for cloud security detection and response actions, and collaborate with various stakeholders across the organization.
How You’ll Succeed:
Technical expertise: Leverage deep knowledge of cloud ecosystems (AWS or Azure) to implement tailored security solutions and mitigate threats and risks.
Problem‑solving skills: Quickly identify and address security issues to deliver robust cloud security solutions in a timely manner.
Collaboration and communication skills: Actively collaborate with both local and remote team members, defining, designing, and executing cloud security strategies. Engage with both technical and non‑technical audiences.
Agility: Quickly adapt to changing threat landscape and move at the pace of the adversary.
Knowledge of cloud security trends: Stay abreast of the latest developments in cloud security and integrate these insights into practices.
Balancing security and operational needs: Balance stringent security guidelines with operational requirements, maintaining corporate security posture while understanding engineering teams’ challenges and needs.
Key Responsibilities:
Manage cloud security tools (CNAPP/CSPM) and implement cloud security controls in a multi‑cloud environment (AWS and Azure).
Conduct security reviews of cloud accounts and projects, generate proactive guidance, and participate in cloud design discussions.
Review IaC/policy as code template proposals and provide recommendations for secure cloud deployments.
Develop integrations and automations for cloud security detection and response actions to support the Cyber Defense Operations.
Partner with cloud foundation teams, Cyber Defense Operations, Tech@Lilly, business areas and suppliers to ensure secure cloud adoption and operations.
Perform threat analysis and modeling to enable business and technical partners to deliver secure solutions integrated with the SecOps lifecycle.
Apply threat‑modeling and analysis frameworks such as MITRE ATT&CK and STRIDE (or STRIDE‑LM) in security practices.
Maintain and expand technical knowledge across cloud security concepts and technologies, driving knowledge growth across security domains.
Identify technical solutions and drive implementation to support strategic direction, focusing on value, impact, risk mitigation, security controls, privacy controls, detection, response and quality.
Prioritize mitigations in relation to technology upgrades, enhancements, and process improvements within the respective domains of accountability.
Your Basic Qualifications:
Bachelor’s degree in Cyber Security, Computer Science, Information Technology, or related field OR
4+ years of experience in Cyber Security, Information Technology, or related field.
5+ years of demonstrated experience in cloud architecture and engineering, with a focus on AWS, Azure or GCP (slight preference for Azure).
Additional Skills:
Strong understanding of cloud security concepts, services and logs, including Identity and Access Management, Networking and Security in a public cloud environment.
Experience with cloud security services such as Security Hub, GuardDuty, CloudTrail, Config, VPC Flow Logs, Amazon Inspector, Amazon Detective, Cloud Custodian, Azure Policy, Azure Activity log, Defender for Cloud, Azure Sentinel or Security Copilot.
Basic proficiency in a programming language (e.g., Python) and experience with cloud automation and integration using tools such as Lambda, Step Functions, Glue, Azure Functions, Terraform or CloudFormation.
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form at https://careers.lilly.com/us/en/workplace-accommodation for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
#J-18808-Ljbffr
