Cyber Threat Intelligence
healthcare
CyberThreatIntelligenceLeadAnalyst
“Cyber Threat Intelligence - Lead Analyst at Cyber Threat Intelligence. Skills: Cyber Threat Intelligence, threat actor tracking, attribution, intelligence analysis, team leadership. Lead the continued development and maturation of the Cyber Threat Intelligence function. Advance from intelligence consumer to intelligence producer and contributor”
Industry & Context.
analytical and problem-solving skills
some international travel may be required, Remote workers may be asked to travel based on business needs
What They're Looking For.
Must Have
HS Diploma/GED required, 7+ years of shown experience in Cybersecurity, including hands on cyber threat intelligence work, Demonstrated experience materially contributing to threat actor tracking, attribution, and analytical methods that directly inform defensive decisions., Evidence of skills in areas e. g. , malware analysis and/or reverse engineering, and campaign tracking to understand adversary objectives, techniques, and patterns., Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization and visas for this role, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1.
Nice to Have
Proven ability to operate as a player/coach — maintaining technical depth while leading a team and shaping strategy, analytical and problem-solving skills, with a track record of producing intelligence that drives decisions, Experience leading or significantly contributing to a threat actor tracking, attribution, or intelligence analysis program, Experience working across brand protection, executive protection, or related multi-functional domains is preferred, Clear and confident communicator, with the ability to translate technical intelligence for technical, operational, and executive audiences, Ability to work independently and lead through influence across organizational boundaries, High level of integrity and ethical awareness of laws, regulations, policies, and ethics as they relate to cybersecurity, privacy, and intelligence work, Relevant certifications such as GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA)
What You'll Do.
Lead the continued development and maturation of the Cyber Threat Intelligence function
Advance from intelligence consumer to intelligence producer and contributor
Maintain personal technical proficiency in threat analysis
and intelligence tradecraft
Set the technical bar for the team
Direct the threat actor tracking and attribution program
Champion adoption of threat actor tracking across response
and other defensive functions
Accountable for the program's outputs
and long-term maturation
Maintain alignment between internally tracked activity clusters and industry-recognized threat actor designations
Ensure the program produces actionable intelligence that informs detection
and strategic decisions
Lead the cyber threat intelligence components of brand and executive protection
Drive multi-functional governance to reduce duplication and improve coverage across protective monitoring services
Develop and maintain working relationships with key partners across Cybersecurity
Represent GCDO and the CTI function in multi-functional forums where intelligence drives prioritization
Strengthen Lilly's role as an active contributor in pharmaceutical-sector and cross-industry intelligence sharing communities
Direct analyst engagement in intelligence sharing collaborators
Ensure Lilly contributes high-value research at a cadence consistent with peer organizations
Lead a team of cyber threat intelligence analysts
and structured development
Build a high-performing team with clear succession depth
Direct the evaluation
and integration of capabilities supporting the CTI mission
Ensure intelligence is operationalized into automated enrichment
and response workflows
Provide intelligence-driven support to incident response investigations
Ensure CTI insights inform the full response lifecycle from triage through after-action review
Develop and deliver training and awareness programs
Communicate intelligence findings in formats appropriate for technical analysts
How You'll Work.
Team & Collaboration
Represent GCDO and the CTI function in multi-functional forums; Develop and maintain working relationships with key partners across Cybersecurity, Corporate Security, HR, Legal, the Brand Office, Ethics & Compliance, and Tech@Lilly; Lead through influence across organizational boundaries
Communication Scope
Clear and confident communicator; ability to translate technical intelligence for technical, operational, and executive audiences
Process & Methodology
Function Strategy and Maturation, program management
Applying for this Cyber Threat Intelligence - Lead Analyst role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about Cyber Threat Intelligence?
Real rants from real employees. Read before you apply.