Security Operations Analyst - Digital Forensics Service Owner
Indianapolis, Indiana
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
The Monitoring, Investigations, and Response (MIR) Department has key responsibility for Cyber Incident Response, Cyber Threat Intelligence, and Digital Forensics Investigations.
The Security Operations Analyst is responsible for acting as the Digital Forensics Service Owner. This includes managing service providers supporting Digital Forensics services and communicating with key stakeholders in the SOC, HR, Legal, Privacy, and Cloud and OT environments. The in-scope Digital Forensics services include malware analysis and forensics for file systems, memory, mobile devices, networks, and the cloud. The Security Operations Analyst is expected to work with management to adapt and execute the annual Digital Forensics business plan.
The Security Operations Analyst is also responsible for performing Security Incident Response actions including executing the daily operational procedures for monitoring the Security Incident and Event Management (SIEM) triage channels and taking the appropriate action to ensure that all Information Security Incidents (ISIs) are handled accordingly. This role will also be responsible for the measurement and continual improvements of all Information Security Response (ISIR) program operational procedures. The successful completion of all executed procedures and collation of information is also expected.
Responsibilities:
Digital Forensics Service Owner
Maintain the Lilly onsite forensic lab equipment and tool validation
Serve as the primary point of contact for service providers supporting Digital Forensics services
Provide on-call availability for escalations raised by service providers outside of normal business working hours
Participate in regular service reviews with suppliers
Track supplier performance, verify/audit supplier metrics, and ensure viability of service levels
Support alignment of Digital Forensics services with the current and future needs of the business
Define improvements in the quality of Digital Forensics services delivered
Interface with External Supplier Management team to analyze supplier performance
Coordinate services and plans to ensure priorities are addressed appropriately
Act as primary communication liaison on a day-to-day basis regarding service delivery changes, problems, and recovery efforts
Take accountability for incident escalation and ensure there is a defined approach for incident management and resolution
Provide early warning to management regarding degraded or missed service levels
Review service offerings/changes to determine the impact on the Digital Forensics service, including any modifications to business planning for the service.
In conjunction with Corporate Auditing Service and Quality, audit the services to ensure adherence to processes and procedures
Explain highly complex and technical details to a variety of audiences including executives, legal advisors, peers, partners, and other analysts.
Incident Response
Monitor incoming detected events via the SIEM triage channel and other intake channels for prospective ISIs per operational procedures and guidelines
Execute the Information Fusion Procedure as necessary
Adhere to all defined Incident Response Service Level Agreements.
Monitor Team email mailbox for activities related to Team ISI engagements
Monitor SOC ticket (and email) queue for prospective event reporting from outside entities and individual users
Rapidly identify, categorize, and prioritize detected events as the initial information security event detection group for the enterprise using all available Cyber Fusion detect sources
Ensure detected event(s) are addressed in a rapid manner using available reporting and metrics
Perform analysis and triage of prospective ISIs, and advance or close detected events as applicable
Use available tools to analyze detected events
Document analysis results, ensuring relevant details are included
Reference and update Team Knowledge Base as necessary for changes to processes and procedures, and awareness of daily intelligence reports and previous shift logs
Perform additional auxiliary responsibilities as outlined in the Console Monitoring Procedure
Interact with other Information Security and IT Infrastructure groups as necessary
Serve as a backup analyst for any coverage gaps to ensure business continuity
Basic Requirements:
Bachelor’s Degree in Computer Science/Information Technology or related field with 3+ years experience with digital forensics technologies and standard processes (Information Security, Network Operations, System Administration, Incident Response or similar information technology related experience) OR
High School Degree/GED with 5 years experience with digital forensic technology and standard processes.
Additional Skills/Preferences:
Strong interpersonal, written, and verbal communication skills.
Industry certs such as CCE, CFCE, CFDI, EnCE, EnCEP, ACE, or similar forensic certification
Experience with common off-the-shelf (COTS) DF and IR software
Knowledge of processes for seizing and preserving digital evidence
Knowledge of and mobile device tools such as Cellebrite and BlackLight
Knowledge of malware analysis tools (e.g., OllyDbg, IDA Pro)
Skill in using forensic tool suites (e.g., EnCase, Sleuth Kit, FTK).
CISSP, GCIH, GCFA, GREM, GPEN or similar security certification.
Knowledge of specific operational impacts of cybersecurity lapses.
Knowledge of investigative implications of hardware, Operating Systems, and network technologies.
Additional Information:
Travel: 0-10%
Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively “Lilly”) are committed to help individuals with disabilities to participate in the workforce and ensure equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources (Lilly_Recruiting_Compliance@lists.lilly.com) for further assistance. Please note: this email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
To submit resume, visit https://www.lilly.com/careers and apply to Req ID R-7236.