Cyber Intelligence Analyst

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Eli Lilly Cork is made up of a talented diverse team of over 2000 employees across 60 nationalities who deliver innovative solutions that add value across a variety of Business Service functions including Finance, Information Technology, Medical, Clinical Trials and more. Eli Lilly Cork offers a premium workspace across our campus in Little Island, complete with flexible hybrid working options, healthcare, pension and life assurance benefits, subsidised canteen, onsite gym, travel subsidies and on-site parking. Inhouse People Development services, Educational Assistance, and our ‘Live Your BEST Life’ wellbeing initiatives are just some of the holistic benefits that enhance the career experience for our colleagues.

Eli Lilly Cork is committed to diversity, equity and inclusion (DEI). We cater for all dimensions ensuring inclusion of all ethnicities, nationalities, cultural backgrounds, generations, sexuality, visible and invisible disabilities and gender, with four pillars: EnAble, Age & Culture, LGBTQ+ and GIN-Gender Inclusion Network. EnAble, our pillar for people with disabilities and those that care for them, partners with the Access Lilly initiative to make our physical and digital environment accessible and inclusive for all. Together they are committed to promoting awareness to create a disability confident culture both at Eli Lilly Cork and beyond.
 
Come join our team - Be Creative, Be an Innovator, and most of all, Be Yourself!

Do you like to be in the heart of the action, on the front lines of cybersecurity defense, creating a defense system to thwart cyber-attacks?  Join us as we do this daily to protect our patients, employees, and shareholders.

The Global Cyber Defense Operations (GCDO) team is dedicated to active defense through analysis, innovation, and collaboration. Our mission focuses on unifying detection, analysis, and response strategies to safeguard Lilly's ability to develop life-changing medicines.

The threat of cybersecurity attacks has never been greater, and the GCDO’s mission has never been more important.

What You Will Be Doing:

The Cyber Intelligence Analyst will operate in a functional group focusing on any of the following: Attack Surface Management, Cyber Threat Intelligence, Detection and Automation Operations, Cyber Defense Readiness, External Threat Response, and Insider Threat Response.

Analysts typically begin with an assignment in the External Threat Response (ETR) function; however, you may be assigned to any of the core GCDO functions (Attack Surface Management, Cyber Threat Intelligence, Cyber Defense Readiness, Detection and Analysis Operations, Internal Threat Response) based on skills, development needs, and specific needs of the team.

The functions of the GCDO are as follows:

• External Threat Response (ETR): Responsible for the monitoring, detection, analysis, investigation, and response to cybersecurity related events and incidents.
• Attack Surface Management (ASM): Responsible for reducing the overall attack surface of the Enterprise, including the identification, analysis, and remediation of vulnerabilities.
• Cyber Threat Intelligence (CTI): Leading efforts across the organization to consume, contribute, and produce threat intelligence, both internal and external to Lilly. Maintain, develop, and evangelize to partner functions an understanding of threats, attack campaigns and intrusion sets targeting Lilly.
• Cyber Defense Readiness (CDR): Responsible for the integration of key initiatives between the GCDO and the rest of Cybersecurity and other business partners.
• Detection and Analysis Operations (DAO): Responsible for general SecOps and DevOps of GCDO owned capability to empower the organization. Establishing the platform and services to enable the effective detection and monitoring of security events, as well as providing a means to analyze and improve detections.
• Internal Threat Response (ITR): Responsible for the monitoring, analysis, and investigation of cybersecurity related events and incidents, with a focus on the internal workforce.

How You Will Succeed:

Through the effective performance of the following responsibilities:

• Supporting: Assisting in various cybersecurity and other work as assigned.
• Analyzing: Examining cyber threats and incidents.
• Developing: Creating capability to enable each core function.
• Documenting: Thorough documentation of your analysis.
• Detecting: Identifying potential security issues.
• Prioritizing: Ranking threats based on severity.
• Responding: Taking action to mitigate threats.
• Recommending Strategic Changes: Drive security improvements that will increase our ability to defend the Enterprise.
• Provide rotational on-call availability for cybersecurity incidents raised outside of normal business working hours. The on-call responsibilities are designed to support triage of high priority alerts to ensure the 24/7 protection of Lilly assets. Team members will be required to be on-call for one weekend (Saturday & Sunday, 8-9 hrs per day) every 4 weeks on a rotating schedule. Rotating schedules may also be established to cover Public Holidays. Team members will receive a fixed on-call allowance per day of on-call, paid monthly in arrears. In addition to the on-call allowance, additional premiums for hours worked during the on-call period will apply at an hourly rate for each hour worked, paid monthly in arrears.

What You Should Bring:

• Experience with monitoring system operations and reacting to events in response to triggers and/or observation of trends or unusual activity.
• Ability to communicate complex technical issues to non-technical personnel
• Demonstrated skills in:
  • Use of endpoint security tools to collect information for digital forensics and incident response efforts.
  • Use of strong investigatory principles to surface and pivot on information and insights that are material to a cyber investigation.
  • Auditing firewalls, perimeters, routers, and intrusion detection systems.
  • Relevant programming and query languages (e.g., PowerShell, bash, FQL, KQL, SPL, C++, Python, etc.).
  • Reverse engineering (e.g., software debugging, de-compilation of code, binary literacy, Windows OS internals) to identify function and capability of malicious code.
• General knowledge of:
  • Risk management processes (e.g., methods for assessing and mitigating risk).
  • Current software and methodologies for active defense and system hardening.
  • Netflow and raw network traffic data; foundational networking protocols such as IP, TCP, UDP, DNS, and HTTP.
  • Malware – static and dynamic analysis techniques, detection methodologies and analysis techniques.
  • Cloud technologies, cloud service models, resource pooling, authentication, and logging capabilities associated with major service providers.
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Certifications addressing new attack vectors (emphasis on cloud computing technology, mobile platforms, and tablet computers), new vulnerabilities, existing threats to operating environments, managing, maintaining, troubleshooting, installing, configuring basic network infrastructure.

Basic Qualifications:

• Education:
  • HS Diploma or equivalent with 2+ years of demonstrated experience in network operations or engineer and/or system administration, troubleshooting, or similar Information Technology related experience -OR-
  • Bachelor’s Degree in Computer Science/Information Technology/Cybersecurity or related
• Demonstrated experience and excellence in documentation skills
• Experience working on Enterprise level cybersecurity detection and analysis

Additional Information:

• Some travel may be required

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

#WeAreLillyUKandIreland