Lilly Jobs

Job Information

Lilly Analyst – IT Information Security Investigation & Response in Indianapolis, Indiana

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 35,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Organization Overview:

At Lilly, we serve an extraordinary purpose. We make a difference for people around the globe by discovering, developing and delivering medicines that help them live longer, healthier, more active lives. Not only do we deliver breakthrough medications, but you also can count on us to develop creative solutions to support communities through philanthropy and volunteerism.

Position Description:

The Security Operations Center (S0C) Analyst is responsible for executing the daily operational procedures for monitoring the Security Incident and Event Management (SIEM) triage channels and taking the appropriate action to ensure that all Information Security Incidents (ISIs) are handled accordingly. This role will also be responsible for the measurement and continual improvements of all Information Security Response (ISIR) program operational procedures. This role is expected to ensure successful completion of all procedures executed during normal work hours. The Security Operations Center Analyst collates information into an accessible format and ensures its full dissemination.


  • Maintain the group email mailbox and distribution lists, update all relevant documentation - such as shift logs and tickets

  • Monitor incoming detected events via the SIEM triage channel and other intake channels for prospective ISIs per operational procedures and guidelines

  • Execute the Information Fusion Procedure as necessary

  • Adhere to all defined Incident Response Service Level Agreements.

  • Monitor Team email mailbox for activities related to Team ISI engagements

  • Monitor SOC ticket (and email) queue for prospective event reporting from outside entities and individual users

  • Rapidly identify, categorize and prioritize detected events as the initial information security event detection group for the enterprise using all available Cyber Fusion detect sources

  • Ensure detected event(s) are addressed in a rapid manner using available reporting and metrics

  • Perform analysis and triage of prospective ISIs, and advance or close detected events as applicable

  • Use available tools as defined in the Use Case Response Plans to analyze detected events; for example, use historical searches using SIEM queries or Netflow analysis for available Netflow collection devices

  • Maintain team shift logs with relevant activity from current shift

  • Document analysis results, ensuring relevant details are Included

  • Reference and update Team Knowledge Base as necessary for changes to processes and procedures, and awareness of daily intelligence reports and previous shift logs

  • Perform additional auxiliary responsibilities as outlined in the Console Monitoring Procedure

  • Provide rotational on-call availability for ISIs raised outside of normal business working hours as well as monitoring for potential imminent threats and ISIs

  • Interact with other Information Security and IT Infrastructure groups as necessary

  • Serve as a backup analyst for any coverage gaps to ensure business continuity

Basic Requirements:

  • HS Diploma/GED with 5+ years of experience in network operations or engineer and/or system administration or similar information technology related

  • Bachelor’s degree in computer science/information technology OR bachelor’s degree in other field with 3+ years’ experience of information security

  • Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position

Additional Skills/Preferences:

  • Information Security Certifications such as: CISSP, CISM, GCIH, GCIA, GCFA, GREM

  • Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity.

  • Ability to perform network collection tactics, techniques, and procedures to include decryption capabilities/tools.

  • Ability to perform wireless collection procedures to include decryption capabilities/tools.

  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.

  • Knowledge of current software and methodologies for active defense and system hardening.

  • Knowledge of forensic implications of operating system structure and operations

  • Knowledge of implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP.

  • Knowledge of malware.

  • Skill in auditing firewalls, perimeters, routers, and intrusion detection systems.

  • Skill in relevant programming languages (e.g., C++, Python, etc.).

  • Skill in reverse engineering (e.g., hex editing, binary packaging utilities, debugging, and strings analysis) to identify function and ownership of remote tools.

  • Certifications addressing new attack vectors (emphasis on cloud computing technology, mobile platforms and tablet computers), new vulnerabilities, existing threats to operating environments, managing, maintaining, troubleshooting, installing, configuring basic network infrastructure

Additional Information:

  • Travel: 0-10%

Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively “Lilly”) are committed to help individuals with disabilities to participate in the workforce and ensure equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources ( ) for further assistance. Please note This email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.

As a condition of employment with Eli Lilly and Company and its subsidiaries in the United States and Puerto Rico, you must be fully COVID-19 vaccinated and provide proof of vaccination satisfactory to the company (subject to applicable law).


At Lilly we strive to ensure our employees are part of a team that cares about them and our shared purpose of making life better for those around the world. How do we do this? We continue to look for ways to include, innovate, accelerate and deliver while maintaining integrity, excellence and respect for people.​ We hope that you seek to join us on our journey as we create medicine and deliver improved outcomes for patients across the globe!