Jr. Cyber Threat Hunter
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
The Jr. Cyber Threat Hunter will be a key member of the Threat Intelligence and Detection team within Eli Lilly’s Cyber Fusion Center. The Jr. Cyber Threat Hunter will be responsible for turning threat intelligence into actionable detection of adversary behaviors. The primary responsibility of a threat hunter is to proactively and iteratively discover signs of current or past malicious activity within Lilly’s environments. The threat hunter will work with our suite of security tools to identify suspicious activities and will use more advanced techniques to discover threats that may have eluded detection. The Jr. Cyber Threat Hunter will be expected to be results-oriented, multi-disciplined, and passionate about assessing and improving the security of diverse and complex systems according to industry regulations and information security governance framework.
- Conduct "Hunt Missions" using threat intelligence, analysis of anomalous log data and results of brainstorming sessions with the goal of identifying threat actors in Eli Lilly’s environment.
- Perform analysis of Netflow, network traffic logs, DNS query logs, proxy logs, network packet captures, as well as other logs from applications and operating systems.
- Analyze and hunt for various threat actor groups, attack patterns and tactics, techniques and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets.
- Contribute to the development of use cases and threat detection logic to enhance threat detection capabilities.
- Continuously improve processes for use across multiple detection sets for more efficient security operations.
- Provide expert-level support for larger-scale or complex security incidents. Document best practices for threat hunting and detection development.
- Maintain and employ a strong understanding of advanced threats, continuous vulnerability assessment, response and mitigation strategies used in Cybersecurity operations.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Effectively communicate findings and strategy to customer stakeholders, including technical staff, executive leadership and legal counsel.
- Collaborate and interface virtually with a multitude of stakeholders within or outside the Cyber Fusion Center.
- 3+ years of overall experience
- 1 – 3+ years of overall IT Infrastructure experience (both system and network experience).
- 1 – 3+ years of recent experience in a technical security role (such as in a SOC, Incident Response team, Malware Analyst, Threat Analyst, Threat Hunting, Pen Tester, Adversary Simulation, etc.).
- Demonstrated technical experience with Windows and/or Unix/Linux operating systems including command-line tasks and scripting.
- Demonstrated technical experience with Networking (data flows, architecture, protocols, traffic analysis, wireless, etc.).
- Demonstrated experience working with extremely large data sets, using tools and scripting languages like SIEM Tools (e.g. Splunk), Case Management Tools (e.g. Swimlane, Phantom, etc.), EDR tools (e.g. Tanium, Microsoft Defender ATP, etc.), Network Analysis Tools (NetWitness, Panorama).
- Experience with advanced persistent threats and human adversary compromises.
- Experience pivoting across the Diamond Model and all stages of the kill-chain.
- Experience using the Pyramid of Pain in conjunction with MITRE’s ATT&CK Framework to develop threat hunting hypotheses.
- Experience working with security intelligence, data analytics, security incident response, and forensic investigation teams.
- Good research and documentation skills including knowledge of major OSINT sources and their investigatory value.
- Knowledge of current hacking techniques, vulnerability disclosures, and data breach incidents, and security analysis techniques.
- Knowledge of malware families, botnets, threats by sector, and various attack campaigns and attacker methods, tools/techniques/practices.
- Knowledge of threat modeling, development of attack plans, performing manual and automated ethical hacking, and developing proof-of-concept exploits.
- Knowledge of Cloud Infrastructure monitoring.
- Strong ability to work effectively in a team environment as a mentor.
- Proven ability to partner with staff and managers in the Information Security and Information Services organizations.
- Demonstrated interpersonal skills, including conflict resolution, and highly self-motivated.
- Bachelor’s Degree in Computer Science or equivalent is required.
- Master’s Degree in Information Security or Cyber Security or associated field is preferred.
- One or more of the following certifications are required:
  - CISSP, OSCP, CEH, GCFA, GNFA, GIAC or other security-related certifications
- AI/ML experience is preferred
Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively “Lilly”) are committed to help individuals with disabilities to participate in the workforce and ensure equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources (Lilly_Recruiting_Compliance@lists.lilly.com) for further assistance. Please note: this email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.
Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
To submit a resume, visit https://www.lilly.com/careers and apply to Req ID R-2232.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.