Cyber Threat Detection

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 35,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

**Company Overview**

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world. #WeAreLilly

Required:

- Bachelor's/Master's degree in a related field or equivalent demonstrated experience and knowledge
- Understanding of cyber security and IT disciplines including networking, operating systems, authentication protocols, general enterprise network architecture, and security incident response.
- Understanding of common enterprise technology purposes and logging capabilities including firewalls, Active Directory, antivirus/EDR, IDS/IPS, proxies, and cloud platforms
- Understanding of a log aggregation or correlation technology such as Splunk, QRadar, LogRhythm, Carbon Black, or CrowdStrike.
- Understanding of security detection frameworks such as MITRE ATT&CK, Cyber Kill Chain, and NIST
- Positive and Influential Attitude, Energy, and Effort
- Adaptability, Accountability, Helpfulness, and Focus
- Ability to communicate east-west across multiple diverse teams in both focus, skillset, and geo-location

Core Responsibilities:

- Build new detection capabilities based upon research, analysis of threat actor methodology, and testing of new attack techniques
- Translate threat intelligence into actionable detection methods
- Actively work with our threat operations and engineering team to enhance the processes that support the MTR team’s mission
- Identify and automate repetitive or tedious tasks to optimize our threat detection workflow
- Define and tune data sources to better identify and stop threat actor activity

Preferred:

- 3+ Years of experienced professional.
- Hands-on experience with Splunk and specifically Splunk SPL(Search Process Language).
- Good knowledge on creating/building usecases in the Splunk/any of the SIEM environment.
- Tuning(fine tuning)/refining of the usecases or alerts triggered in the SIEM.
- Auditing of the threat detection logic(aka.SOC usecases)will an added advantage.
- A strong desire to understand the what as well as the why and the how of security incidents
- Good knowledge on creating usecases in the Splunk environment especially for tuning/refining and auditing of the threat detection logic(aka.SOC usecases).
- A strong desire to understand the what as well as the why and the how of security incidents

Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

WeAreLilly