Cyber Threat Intelligence
healthcare
CyberThreatIntelligence-LeadAnalyst
Neural analysis suggests this role is
optimal for Lead candidates.
“Cyber Threat Intelligence - Lead Analyst at Cyber Threat Intelligence. Skills: Cyber Threat Intelligence, threat actor tracking, attribution, intelligence analysis, team leadership. Lead the continued development and maturation of the Cyber Threat Intelligence function. Advance from intelligence consumer to intelligence producer and contributor”
Industry & Context.
analytical and problem-solving skills
some international travel may be required, Remote workers may be asked to travel based on business needs
What They're Looking For.
Must Have
HS Diploma/GED required, 7+ years of shown experience in Cybersecurity, including hands on cyber threat intelligence work, Demonstrated experience materially contributing to threat actor tracking, attribution, and analytical methods that directly inform defensive decisions., Evidence of skills in areas e. g. , malware analysis and/or reverse engineering, and campaign tracking to understand adversary objectives, techniques, and patterns., Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization and visas for this role, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1.
Nice to Have
Proven ability to operate as a player/coach — maintaining technical depth while leading a team and shaping strategy, analytical and problem-solving skills, with a track record of producing intelligence that drives decisions, Experience leading or significantly contributing to a threat actor tracking, attribution, or intelligence analysis program, Experience working across brand protection, executive protection, or related multi-functional domains is preferred, Clear and confident communicator, with the ability to translate technical intelligence for technical, operational, and executive audiences, Ability to work independently and lead through influence across organizational boundaries, High level of integrity and ethical awareness of laws, regulations, policies, and ethics as they relate to cybersecurity, privacy, and intelligence work, Relevant certifications such as GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA)
What You'll Do.
Lead the continued development and maturation of the Cyber Threat Intelligence function
Advance from intelligence consumer to intelligence producer and contributor
Maintain personal technical proficiency in threat analysis
and intelligence tradecraft
Set the technical bar for the team
Direct the threat actor tracking and attribution program
Champion adoption of threat actor tracking across response
and other defensive functions
Accountable for the program's outputs
and long-term maturation
Maintain alignment between internally tracked activity clusters and industry-recognized threat actor designations
Ensure the program produces actionable intelligence that informs detection
and strategic decisions
Lead the cyber threat intelligence components of brand and executive protection
Drive multi-functional governance to reduce duplication and improve coverage across protective monitoring services
Develop and maintain working relationships with key partners across Cybersecurity
Represent GCDO and the CTI function in multi-functional forums where intelligence drives prioritization
Strengthen Lilly's role as an active contributor in pharmaceutical-sector and cross-industry intelligence sharing communities
Direct analyst engagement in intelligence sharing collaborators
Ensure Lilly contributes high-value research at a cadence consistent with peer organizations
Lead a team of cyber threat intelligence analysts
and structured development
Build a high-performing team with clear succession depth
Direct the evaluation
and integration of capabilities supporting the CTI mission
Ensure intelligence is operationalized into automated enrichment
and response workflows
Provide intelligence-driven support to incident response investigations
Ensure CTI insights inform the full response lifecycle from triage through after-action review
Develop and deliver training and awareness programs
Communicate intelligence findings in formats appropriate for technical analysts
How You'll Work.
Team & Collaboration
Represent GCDO and the CTI function in multi-functional forums; Develop and maintain working relationships with key partners across Cybersecurity, Corporate Security, HR, Legal, the Brand Office, Ethics & Compliance, and Tech@Lilly; Lead through influence across organizational boundaries
Communication Scope
Clear and confident communicator; ability to translate technical intelligence for technical, operational, and executive audiences
Process & Methodology
Function Strategy and Maturation, program management
Full Job Description
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world. The Cyber Threat Intelligence (CTI) Lead Analyst leads one of the eight functional teams within Global Cyber Defense Operations (GCDO). The role directs the strategy, operations, and continued maturation of Lilly's Cyber Threat Intelligence function — covering threat actor tracking and attribution, brand and executive protection, intelligence sharing collaborators, and the integration of intelligence into detection, response, and proactive defense across GCDO. This is a player/coach role. The CTI Lead Analyst is expected to maintain personal technical depth in threat analysis and set the example of the standard on the hardest analytical work, while simultaneously shaping the strategy of the function, developing the analyst team, and representing GCDO across multi-functional and external forums. Candidates should expect to spend their time across both the technical and strategic dimensions of the role rather than choosing one. **What You Will Do:** * **Function Strategy and Maturation:** Lead the continued development and maturation of the Cyber Threat Intelligence function, advancing it from intelligence consumer to intelligence producer and contributor across the pharmaceutical industry and the broader cyber community. * **Hands-on Technical Leadership (Player/Coach):** Maintain personal technical proficiency in threat analysis, attribution, and intelligence tradecraft. Be the example on complex analytical work, set the techn
Applying for this Cyber Threat Intelligence - Lead Analyst role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about Cyber Threat Intelligence?
Real rants from real employees. Read before you apply.