Cyber Threat Intelligence - Lead Analyst

About The Position

Requirements

• HS Diploma/GED required
• 7+ years of shown experience in Cybersecurity, including hands on cyber threat intelligence work
• Demonstrated experience materially contributing to threat actor tracking, attribution, and analytical methods that directly inform defensive decisions.
• Evidence of skills in areas e.g., malware analysis and/or reverse engineering, and campaign tracking to understand adversary objectives, techniques, and patterns.
• Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization or visas for this role, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1.

Nice To Haves

• Proven ability to operate as a player/coach — maintaining technical depth while leading a team and shaping strategy
• Strong analytical and problem-solving skills, with a track record of producing intelligence that drives decisions
• Experience leading or significantly contributing to a threat actor tracking, attribution, or intelligence analysis program
• Experience working across brand protection, executive protection, or related multi-functional domains is preferred
• Clear and confident communicator, with the ability to translate technical intelligence for technical, operational, and executive audiences
• Ability to work independently and lead through influence across organizational boundaries
• High level of integrity and ethical standards; awareness of laws, regulations, policies, and ethics as they relate to cybersecurity, privacy, and intelligence work
• Relevant certifications such as GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA)

Responsibilities

• Lead the continued development and maturation of the Cyber Threat Intelligence function, advancing it from intelligence consumer to intelligence producer and contributor across the pharmaceutical industry and the broader cyber community.
• Maintain personal technical proficiency in threat analysis, attribution, and intelligence tradecraft. Be the example on complex analytical work, set the technical bar for the team, and remain credible at the keyboard while developing analyst capability.
• Direct the threat actor tracking and attribution program as a multi-functional Cybersecurity capability — championing adoption across response, detection, architecture, platforms, threat mitigation, identity, and other defensive functions, while remaining accountable for the program's outputs, methodology, and long-term maturation. Maintain alignment between internally tracked activity clusters and industry-recognized threat actor designations to support shared understanding across the security community. Ensure the program produces actionable intelligence that informs detection, response, and strategic decisions across the enterprise.
• Lead the cyber threat intelligence components of brand and executive protection, in close coordination with Corporate Security, Legal, the Brand Office, and other partners. Drive multi-functional governance to reduce duplication and improve coverage across protective monitoring services.
• Develop and maintain strong working relationships with key partners across Cybersecurity, Corporate Security, HR, Legal, the Brand Office, Ethics & Compliance, and Tech@Lilly. Represent GCDO and the CTI function in multi-functional forums where intelligence drives prioritization.
• Strengthen Lilly's role as an active contributor in pharmaceutical-sector and cross-industry intelligence sharing communities. Direct analyst engagement in intelligence sharing collaborators and ensure Lilly contributes high-value research at a cadence consistent with peer organizations.
• Lead a team of cyber threat intelligence analysts. Provide direction, mentorship, and structured development. Build a high-performing team with clear succession depth across analyst tradecraft, brand protection, and strategic intelligence.
• Direct the evaluation, introduction, and integration of capabilities supporting the CTI mission. Ensure intelligence is operationalized into automated enrichment, detection, and response workflows across the GCDO toolchain.
• Provide intelligence-driven support to incident response investigations, particularly for sophisticated and targeted activity. Ensure CTI insights inform the full response lifecycle from triage through after-action review.
• Develop and deliver training and awareness programs that improve the organization's understanding of the external threat landscape. Communicate intelligence findings in formats appropriate for technical analysts, operational leaders, and senior leaders.

Benefits

• company bonus (depending, in part, on company and individual performance)
• company-sponsored 401(k)
• pension
• vacation benefits
• medical, dental, vision and prescription drug benefits
• flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts)
• life insurance and death benefits
• certain time off and leave of absence benefits
• well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities)