What you'd actually do

Lead the continued development and maturation of the Cyber Threat Intelligence function, advancing it from intelligence consumer to intelligence producer and contributor across the pharmaceutical industry and the broader cyber community.

Maintain personal technical proficiency in threat analysis, attribution, and intelligence tradecraft. Be the example on complex analytical work, set the technical bar for the team, and remain credible at the keyboard while developing analyst capability.

Direct the threat actor tracking and attribution program as a multi-functional Cybersecurity capability — championing adoption across response, detection, architecture, platforms, threat mitigation, identity, and other defensive functions, while remaining accountable for the program's outputs, methodology, and long-term maturation.

Lead the cyber threat intelligence components of brand and executive protection, in close coordination with Corporate Security, Legal, the Brand Office, and other partners.

Develop and maintain strong working relationships with key partners across Cybersecurity, Corporate Security, HR, Legal, the Brand Office, Ethics & Compliance, and Tech@Lilly.

Skills

Required

Cybersecurity
Cyber Threat Intelligence
threat actor tracking
attribution
analytical methods
defensive decisions
malware analysis
reverse engineering
campaign tracking
adversary objectives
techniques
patterns

Nice to have

player/coach
technical depth
leading a team
shaping strategy
analytical and problem-solving skills
intelligence that drives decisions
leading or significantly contributing to a threat actor tracking

What the JD emphasized

Demonstrated experience materially contributing to threat actor tracking, attribution, and analytical methods that directly inform defensive decisions.

Evidence of skills in areas e.g., malware analysis and/or reverse engineering, and campaign tracking to understand adversary objectives, techniques, and patterns.

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

The Cyber Threat Intelligence (CTI) Lead Analyst leads one of the eight functional teams within Global Cyber Defense Operations (GCDO). The role directs the strategy, operations, and continued maturation of Lilly's Cyber Threat Intelligence function — covering threat actor tracking and attribution, brand and executive protection, intelligence sharing collaborators, and the integration of intelligence into detection, response, and proactive defense across GCDO.

This is a player/coach role. The CTI Lead Analyst is expected to maintain personal technical depth in threat analysis and set the example of the standard on the hardest analytical work, while simultaneously shaping the strategy of the function, developing the analyst team, and representing GCDO across multi-functional and external forums. Candidates should expect to spend their time across both the technical and strategic dimensions of the role rather than choosing one.

What You Will Do:

**Function Strategy and Maturation: **Lead the continued development and maturation of the Cyber Threat Intelligence function, advancing it from intelligence consumer to intelligence producer and contributor across the pharmaceutical industry and the broader cyber community.
**Hands-on Technical Leadership (Player/Coach): **Maintain personal technical proficiency in threat analysis, attribution, and intelligence tradecraft. Be the example on complex analytical work, set the technical bar for the team, and remain credible at the keyboard while developing analyst capability.
**Threat Actor Tracking and Attribution: **Direct the threat actor tracking and attribution program as a multi-functional Cybersecurity capability — championing adoption across response, detection, architecture, platforms, threat mitigation, identity, and other defensive functions, while remaining accountable for the program's outputs, methodology, and long-term maturation. Maintain alignment between internally tracked activity clusters and industry-recognized threat actor designations to support shared understanding across the security community. Ensure the program produces actionable intelligence that informs detection, response, and strategic decisions across the enterprise.
**Brand and Executive Protection: **Lead the cyber threat intelligence components of brand and executive protection, in close coordination with Corporate Security, Legal, the Brand Office, and other partners. Drive multi-functional governance to reduce duplication and improve coverage across protective monitoring services.
**Partner Collaboration: **Develop and maintain strong working relationships with key partners across Cybersecurity, Corporate Security, HR, Legal, the Brand Office, Ethics & Compliance, and Tech@Lilly. Represent GCDO and the CTI function in multi-functional forums where intelligence drives prioritization.
**Intelligence Sharing and Industry Engagement: **Strengthen Lilly's role as an active contributor in pharmaceutical-sector and cross-industry intelligence sharing communities. Direct analyst engagement in intelligence sharing collaborators and ensure Lilly contributes high-value research at a cadence consistent with peer organizations.
Team Leadership and Development: Lead a team of cyber threat intelligence analysts. Provide direction, mentorship, and structured development. Build a high-performing team with clear succession depth across analyst tradecraft, brand protection, and strategic intelligence.
**Tooling and Capability Enhancement: **Direct the evaluation, introduction, and integration of capabilities supporting the CTI mission. Ensure intelligence is operationalized into automated enrichment, detection, and response workflows across the GCDO toolchain.
**Incident Response Support: **Provide intelligence-driven support to incident response investigations, particularly for sophisticated and targeted activity. Ensure CTI insights inform the full response lifecycle from triage through after-action review.
**Training, Awareness, and Communication: **Develop and deliver training and awareness programs that improve the organization's understanding of the external threat landscape. Communicate intelligence findings in formats appropriate for technical analysts, operational leaders, and senior leaders.

Your Minimum Basic Qualifications

HS Diploma/GED required
7+ years of shown experience in Cybersecurity, including hands on cyber threat intelligence work
Demonstrated experience materially contributing to threat actor tracking, attribution, and analytical methods that directly inform defensive decisions.
**Evidence of skills in areas e.g., malware analysis and/or reverse engineering, and campaign tracking to understand adversary objectives, techniques, and patterns. **
Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization or visas for this role, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1.

Additional Skills / Preferences

Proven ability to operate as a player/coach — maintaining technical depth while leading a team and shaping strategy
Strong analytical and problem-solving skills, with a track record of producing intelligence that drives decisions
Experience leading or significantly contributing to a threat actor tracking, attribution, or intelligence analysis program
Experience working across brand protection, executive protection, or related multi-functional domains is preferred
Clear and confident communicator, with the ability to translate technical intelligence for technical, operational, and executive audiences
Ability to work independently and lead through influence across organizational boundaries
High level of integrity and ethical standards; awareness of laws, regulations, policies, and ethics as they relate to cybersecurity, privacy, and intelligence work
Relevant certifications such as GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA)

Additional Information

Due to the global nature of this position, some international travel may be required.

This position may be filled with a remote worker. Remote workers may be asked to travel based on business needs, which would require discussion and approval from the employee's supervisor.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is

$162,000 - $268,400

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly