Lilly Cnslt-AWS Operation/Cybersecurity Lead in Indianapolis, Indiana
At Lilly, we serve an extraordinary purpose. We make a difference for people around the global by discovering, designing and delivering medicines that help them live longer, healthier, more active lives. In a world of connected devices, our Lilly Connected Care team is creating a suite of applications that demonstrates the power of leveraging mobile to dramatically broaden and deepen our engagement with patients, physicians and ultimately payers. We will create an ecosystem that makes it easier to track key patient data providing them educational and medical insights.
This position will be responsible for the health and security of our production cloud solution hosted on AWS which will support a number of our patient facing, connected devices and mobile applications, globally. This role will be the Service Lead with accountability to monitor the health of the production service, oversee issue investigations, and drive the execution of operational processes. This role will partner with our technical leads, cybersecurity leads, and developers, as well as internal organizations and external partners to ensure a stable and secure environment for our digital medical devices.
With a focus on continual service improvement, this role will drive process improvements and provide technical oversight of the Operations staff in order to support many aspects of our Connected Care program. A successful candidate will have experience with cybersecurity operations, AWS, managing operation of production cloud environments and working in a regulated environment.
General Operations Responsibilities (Cybersecurity and IT Service Management)
Responsible for oversight of operations including leveraging operational resources to operate required controls and processes for production environments, and ensuring SLAs are being met.
Drive and oversee Service Management processes for the platforms/applications including Incident Mgmt, Problem, Mgmt, Service Requests, Access Mgmt, Knoweledge Mgmt, etc. Continually drive improvements to these processes and how we do work.
Collaborate with development teams, internal customers, and internal partners to ensure service expectations and regulatory requirements are met.
Lead troubleshooting and investigation in response to complaints, adverse events, and production bugs identified in application. Lead triage effort across development teams and other internal teams. Act as the single point of escalation for technical platform or business issues. Communicate to stakeholders of issues and resolutions
Gather and analyze impacts from external environment (ex: NodeJS or AWS IaaS updates) and drive plan to mitigate impacts to users. Develop strategy to keep abreast of evolving external technologies and trends
Develop and drive application monitoring strategy including testing, metrics, and reporting.
Maintain Operations Knowledge Base and Quality Management documentation
Ensure proper Knowledge Transfer occurs between developers and operations staff at the appropriate milestones in a release and during issue investigations/resolution
Responsible for reporting key health metrics (e.g. system, service, delivery, financial, etc) for launched mobile medical applications and driving continuous improvements. Establish metrics roadmaps.
Responsibilities specific to Cybersecurity
Responsible for the operation of access control procedures in production environments including access approval, reviews, removal and the overall design of production access control roles.
Responsible for the operation of run-time security controls including the WAF (web application firewall) and DDoS protection capabilities.
Responsible for the operation of production monitoring for availability, performance and security.
Responsible for the operation of Confidential Information (CI) processes for production branches that integrate security testing, patches and other key updates into production containers and hosts. Security testing will include infrastructure configuration (AWS settings, cloud formation templates, base container and .ami images), continuous application testing including security.
Coordinate response of CI integrated security testing anomalies in the production branch of code for LC3/LPC including software composition analysis (SCA), static analysis (SAST), dynamic analysis (DAST), container/host vulnerability/compliance scans to ensure performance within SLAs
Responsible to maintain awareness of current cybersecurity threats in coordination with the Director of Product Cybersecurity and corporate Information Security Threat Intelligence.
1 year AWS experience
Security certification, such as CISSP or GSEC
AWS certification, such as DevOps Engineer Professional
Cybersecurity Operations experience
AWS operations experience
Service Management Operations experience
Application/platform support experience including APIs such as microservices
Ability to work off-hours during high priority incidents and willingness to be on call after hours, though coverage will be managed to balance work/life balance.
Ability to analyze, develop, and influence processes
Demonstrated partnership and communication skills (verbal and written)
Ability to work well in a global, virtual organization
Vendor management experience
Strong skillset for investigating and organizing data points
Proactive, demonstrated ability to challenge the status quo and strong ability to drive peers and above to timely decisions
A high level of intellectual curiosity, external perspective, and innovation interest
ITIL Operations Certification
Other Intermediate ITIL Certifications
Mobile app development and/or support experience
Understanding of marketing and/or device concepts
Experience with web application security tools such as static analysis (SAST),
Experience with runtime protection security tools such as WAF (web application firewall) and DDoS protection capabilities.
Experience with log monitoring solutions such as Splunk or Kinesis
Travel as job requires in US and OUS
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
AWS Operations and Cybersecurity Lead
1 year of cyber security experience
Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
State / Province: