At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

YOUR BASIC QUALIFICATIONS:

• Bachelor’s degree in Cyber Security, Computer Science, Information Technology, or related field Or
• High School Diploma/GED with 4+ years of experience in Cyber Security, Information Technology, or related field. And
• 2-6 years of demonstrated experience in cloud architecture and engineering, with a focus on AWS or Azure (slight preference for Azure).

ADDITIONAL SKILLS:

• Strong understanding of cloud security concepts, services, and logs, including Identity and Access Management, Networking, and Security in a public cloud environment.
• Experience with cloud security services such as Security Hub, GuardDuty, CloudTrail, Config, VPC Flow Logs, Amazon Inspector, Amazon Detective, Cloud Custodian, Azure Policy, Azure Activity log, Defender for Cloud, Azure Sentinel, or Security Copilot.
• At least basic proficiency in a programming language (e.g., Python) and some experience with cloud automation and integration using tools such as Lambda, Step Functions, Glue, Azure Functions, Terraform, or CloudFormation.
  Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively “Lilly”) are committed to help individuals with disabilities to participate in the workforce and ensure equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources ( LillyRecruitingCompliance@lists.lilly.com ) for further assistance. Please note This email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.
  Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
  

  WeAreLill

WHAT YOU’LL BE DOING:

As a Cloud Security Engineer at Lilly on the Security Architecture and Engineering team, you will play a pivotal role in a dynamic environment. Your responsibilities include managing cloud security tools (CNAPP/CSPM), conducting security reviews of cloud accounts and projects, generating proactive guidance, reviewing and creating IaC/policy as code templates, and participating in cloud design discussions. You will also contribute to the development and implementation of cloud security controls, create integrations and automations for cloud security detection and response actions, and collaborate with various stakeholders across the organization.

KEY RESPONSIBILITIES:

• Manage cloud security tools (CNAPP/CSPM) and implement cloud security controls in a multi-cloud environment (AWS and Azure).
• Conduct security reviews of cloud accounts and projects, generate proactive guidance, and participate in cloud design discussions.
• Review IaC/policy as code template proposals and provide recommendations for secure cloud deployments.
• Develop integrations and automations for cloud security detection and response actions to support the Cyber Defense Operations.
• Partner with cloud foundation teams, Cyber Defense Operations, Tech@Lilly, business areas, and suppliers to ensure secure cloud adoption and operations.
• Perform threat analysis and modeling to enable business and technical partners to deliver secure solutions integrated with the SecOps lifecycle.
• Apply threat modeling and analysis frameworks such as MITRE ATT&CK and STRIDE (or STRIDE-LM) in security practices.
• Maintain and expand technical knowledge across cloud security concepts and technologies, driving knowledge growth across security domains.
• Identify technical solutions and drive implementation to support strategic direction, focusing on value, impact, risk mitigation, security controls, privacy controls, detection, response, and quality.
• Prioritize mitigations in relation to technology upgrades, enhancements, and process improvements within the respective domains of accountability.