Lilly Cnslt-AWS Operation/Cybersecurity Lead in Indianapolis, Indiana



At Lilly, we serve an extraordinary purpose. We make a difference for people around the global by discovering, designing and delivering medicines that help them live longer, healthier, more active lives. In a world of connected devices, our Lilly Connected Care team is creating a suite of applications that demonstrates the power of leveraging mobile to dramatically broaden and deepen our engagement with patients, physicians and ultimately payers. We will create an ecosystem that makes it easier to track key patient data providing them educational and medical insights.

This position will be responsible for the health and security of our production cloud solution hosted on AWS which will support a number of our patient facing, connected devices and mobile applications, globally. This role will be the Service Lead with accountability to monitor the health of the production service, oversee issue investigations, and drive the execution of operational processes. This role will partner with our technical leads, cybersecurity leads, and developers, as well as internal organizations and external partners to ensure a stable and secure environment for our digital medical devices.

With a focus on continual service improvement, this role will drive process improvements and provide technical oversight of the Operations staff in order to support many aspects of our Connected Care program. A successful candidate will have experience with cybersecurity operations, AWS, managing operation of production cloud environments and working in a regulated environment.

Key Objectives/Deliverables:

General Operations Responsibilities (Cybersecurity and IT Service Management)

  • Responsible for oversight of operations including leveraging operational resources to operate required controls and processes for production environments, and ensuring SLAs are being met.

  • Drive and oversee Service Management processes for the platforms/applications including Incident Mgmt, Problem, Mgmt, Service Requests, Access Mgmt, Knoweledge Mgmt, etc. Continually drive improvements to these processes and how we do work.

  • Collaborate with development teams, internal customers, and internal partners to ensure service expectations and regulatory requirements are met.

  • Lead troubleshooting and investigation in response to complaints, adverse events, and production bugs identified in application. Lead triage effort across development teams and other internal teams. Act as the single point of escalation for technical platform or business issues. Communicate to stakeholders of issues and resolutions

  • Gather and analyze impacts from external environment (ex: NodeJS or AWS IaaS updates) and drive plan to mitigate impacts to users. Develop strategy to keep abreast of evolving external technologies and trends

  • Develop and drive application monitoring strategy including testing, metrics, and reporting.

  • Maintain Operations Knowledge Base and Quality Management documentation

  • Ensure proper Knowledge Transfer occurs between developers and operations staff at the appropriate milestones in a release and during issue investigations/resolution

  • Responsible for reporting key health metrics (e.g. system, service, delivery, financial, etc) for launched mobile medical applications and driving continuous improvements. Establish metrics roadmaps.

Responsibilities specific to Cybersecurity

  • Responsible for the operation of access control procedures in production environments including access approval, reviews, removal and the overall design of production access control roles.

  • Responsible for the operation of run-time security controls including the WAF (web application firewall) and DDoS protection capabilities.

  • Responsible for the operation of production monitoring for availability, performance and security.

  • Responsible for the operation of Confidential Information (CI) processes for production branches that integrate security testing, patches and other key updates into production containers and hosts. Security testing will include infrastructure configuration (AWS settings, cloud formation templates, base container and .ami images), continuous application testing including security.

  • Coordinate response of CI integrated security testing anomalies in the production branch of code for LC3/LPC including software composition analysis (SCA), static analysis (SAST), dynamic analysis (DAST), container/host vulnerability/compliance scans to ensure performance within SLAs

  • Responsible to maintain awareness of current cybersecurity threats in coordination with the Director of Product Cybersecurity and corporate Information Security Threat Intelligence.

Req ID:


Additional Skills/Preferences:

  • 1 year AWS experience

  • Security certification, such as CISSP or GSEC

  • AWS certification, such as DevOps Engineer Professional

  • Cybersecurity Operations experience

  • AWS operations experience

  • Service Management Operations experience

  • Application/platform support experience including APIs such as microservices

  • Ability to work off-hours during high priority incidents and willingness to be on call after hours, though coverage will be managed to balance work/life balance.

  • Ability to analyze, develop, and influence processes

  • Demonstrated partnership and communication skills (verbal and written)

  • Ability to work well in a global, virtual organization

  • Vendor management experience

  • Strong skillset for investigating and organizing data points

  • Proactive, demonstrated ability to challenge the status quo and strong ability to drive peers and above to timely decisions

  • A high level of intellectual curiosity, external perspective, and innovation interest

  • ITIL Operations Certification

  • Other Intermediate ITIL Certifications

  • Mobile app development and/or support experience

  • Understanding of marketing and/or device concepts

  • Experience with web application security tools such as static analysis (SAST),

  • Experience with runtime protection security tools such as WAF (web application firewall) and DDoS protection capabilities.

  • Experience with log monitoring solutions such as Splunk or Kinesis

Additional Information:

  • Travel as job requires in US and OUS

  • Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.


AWS Operations and Cybersecurity Lead

Job Category:

Information Technology

Basic Qualifications:

  • 1 year of cyber security experience

  • Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.

Company Overview:

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.





State / Province:



North America