Eli Lilly

Sr. Principal Security Engineer, Application Security & Automation

Eli Lilly | $126K - $224K *
US-Anywhere | Remote in Indianapolis, IN
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in Computer Science, Information Security, Software Engineering, or related fields.
  • 2+ years of application security experience.
  • 2+ years of software development experience contributing to production systems.
  • 5 years total experience in both application security and software development.
  • Production coding experience in Python, TypeScript/JavaScript, Java, Go, or C#.
  • Familiarity with threat modeling and security automation integration in GitHub.
  • Hands-on experience with large language models (LLMs) in a professional context.

Responsibilities

  • Evolve AppSec platforms within Lilly's Secure SDLC program.
  • Design and build automation for Security Architecture and Engineering.
  • Apply LLMs and agentic frameworks in security workflows.
  • Partner with teams on secure coding, threat modeling, and remediation.
  • Contribute to Secure SDLC standards and vulnerability management policy.
  • Support secrets management migration from legacy stores to new patterns.
  • Produce developer-facing security content and code samples.
  • Harden CI/CD environments against software supply chain attacks.

Benefits

  • Flexible hybrid work model (3 days onsite, 2 remote).
  • Company-sponsored 401(k) and pension plan.
  • Vacation and paid time off benefits.
  • Eligibility for medical, dental, vision, and prescription drug insurance.
  • Health and dependent care flexible spending accounts.
  • Life insurance and death benefits.
  • Employee assistance programs and wellness benefits.
Full Job Description
What You'll Be Doing:

As an Application Security Engineer, you will operate at the intersection of software engineering and security engineering: leading platforms, writing code, building integrations, and designing automation. You will take part in Lilly's Secure SDLC program end-to-end, including SAST, DAST, SCA, and secret scanning tooling; secrets management; and our emerging software supply chain capabilities. You will use technology and apply LLM-based approaches to secure application and architecture design, vulnerability triage and remediation, and the delivery of secure-by-default patterns across Lilly's development ecosystem.

How You'll Succeed:
  • Engineering-first mentality: You bring real software development experience and treat security problems as engineering problems, automating what can be automated, integrating deeply with developer workflows, and writing production-quality code.
  • AI fluency: You are genuinely excited about LLMs and agentic tooling and have built things with them. You understand MCP, agent harnesses, and how to wire LLMs into real workflows - and you can tell where AI meaningfully accelerates security work versus where it shouldn't be trusted.
  • Platform management: Success requires running AppSec tooling as platforms with clear SLAs, telemetry, and continuous improvement rather than one-off scans and tickets.
  • Secure coding credibility: You have written code in multiple languages and ecosystems and can speak the developer's language. When you flag a finding or propose a control, engineers trust that you understand the tradeoffs.
  • Developer partnership: You build leverage through partnership: meeting development teams where they are, shipping secure-by-default patterns, and making the secure path the path of least resistance.
  • Build system security: You understand that CI/CD is itself a high-value target. You have opinions on GitHub Actions OIDC, pinning actions to commit SHAs, least-privilege runners, and protecting secrets and artifacts as they move through the pipeline.

Key Responsibilities:
  • Evolve one or more AppSec platforms within the Secure SDLC program.
  • Design and build automation within Security Architecture and Engineering.
  • Apply LLMs, agentic frameworks, MCP servers, and tool-calling patterns.
  • Partner with development teams on secure coding practices, threat modeling, and remediation of findings from SAST, DAST, SCA, and secret scanning tools.
  • Contribute to Lilly's Secure SDLC standards and vulnerability management policy, translating policy into enforceable pipeline and platform controls.
  • Support the secrets management rollout and migration of applications off legacy secret stores, including code-level guidance for SDK-based and injected consumption patterns.
  • Produce developer-facing content, reference architectures, secure patterns, short-form instructional content and reusable code samples.
  • Harden Lilly's CI/CD environment against software supply chain attacks: pinned actions, OIDC-based cloud auth, runner isolation, workflow permissions, and protection of build-time secrets and artifacts.
  • Partner with the Cloud Security team on Infrastructure-as-Code (IaC) security - extending secure-by-default patterns and developer guardrails from application code into the infrastructure that runs it.


Your Basic Qualifications:
  • Bachelor's Degree in Computer Science, Information Security, Software Engineering, or related fields.
  • At least 2 years of dedicated application security experience.
  • At least 2 years of software development experience with individual contributions to production systems.
  • At least a total of 5 years of combined experience across both disciplines.
  • Proven production coding experience in at least one of: Python, TypeScript/JavaScript, Java, Go, or C# - not solely in an advisory, review, or scripting capacity.
  • Experience building or integrating security automation within a GitHub environment, including GitHub Actions.
  • Familiarity with threat modeling in a professional setting.
  • Hands-on experience with large language models (LLMs) in a professional or project context, such as prompt engineering, API integration, or workflow automation.


What You Should Bring:
  • Hands-on software development experience in at least one modern language (Python, TypeScript/JavaScript, Java, Go, or C#) with a track record of shipping working code, not just reviewing others'.
  • Strong expertise in application security fundamentals: OWASP Top 10, CWE, secure coding practices, threat modeling, and vulnerability assessment.
  • Experience operating or deeply integrating with SAST, DAST, SCA, and secret scanning tools.
  • Genuine enthusiasm for and hands-on experience with LLMs, prompt engineering, agentic workflows, or LLM-powered tooling; bonus points for things you have actually built and shipped.
  • Familiarity with secrets management platforms and patterns and with software supply chain / artifact management.
  • Working knowledge of cloud environments (AWS preferred; Azure or GCP welcome) and containerized workloads (ECS, EKS, Docker).
  • Familiarity with IaC scanning and the IaC ecosystem (Terraform, CloudFormation, Kubernetes manifests).
  • Strong communication skills; ability to translate security requirements into actionable engineering guidance and to represent AppSec in conversations with engineering partners.
  • Commitment to staying ahead of emerging AppSec threats, tooling, and AI/LLM capabilities.


Location & Work Flexibility
This role is based at our Corporate Center in Indianapolis, IN. We offer a flexible hybrid work model, with three days onsite and two days working remotely each week, supporting both collaboration and work-life balance.

We are also open to considering fully remote candidates based on role requirements and business needs.

Actual compensation will depend on a candidate's education, experience, skills, and geographic location. The anticipated wage for this position is $126,000 - $224,400.

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities). Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion, and Lilly's compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly

About Eli Lilly

ICOS Corporation is a biotechnology company that engages in the discovery, development, and commercialization of therapeutic products. It is engaged in the commercialization of treatments for unmet medical conditions, such as benign prostatic hyperplasia, hypertension, pulmonary arterial hypertension, cancer, and inflammatory diseases. It is the developer of a treatment known as Cialis (tadalafil), a product for the treatment of erectile dysfunction through its joint venture with Eli Lilly and Company in North America and Europe. It is also engaged in contract manufacturing services for third parties. It is in a strategic alliance with Solvay Pharmaceuticals, Inc. ICOS Corporation was established in 1989, based in Bothell, Washington. It is currently operated by Eli Lilly and Company.

Eli Lilly Careers

Joining Eli Lilly offers an unparalleled opportunity to become part of a leading global team dedicated to creating a healthier future. As a company revered for its commitment to innovation and leadership in the pharmaceutical industry, Eli Lilly is where your professional journey can flourish.

Work You’ll Do

At Eli Lilly, we are passionate about transforming patient care and advancing medical innovation. Our team at Eli Lilly is at the forefront of developing groundbreaking solutions in healthcare. By joining us, you will collaborate with some of the brightest minds in the industry, using cutting-edge technology to make real-world impacts.

Lead with Innovation and Leadership

Eli Lilly stands out in the marketplace by integrating deep industry expertise with robust research and development efforts. We are looking for professionals who are eager to drive change and lead the way in developing therapeutic breakthroughs.

Explore Job Opportunities and Growth

Eli Lilly offers a variety of career paths, including full-time positions and internships, across multiple functions such as research, marketing, IT, and sales. Whether you are a seasoned professional or a recent graduate, Eli Lilly provides an environment that promotes career growth and learning opportunities. Our commitment to diversity and leadership training ensures that every employee can achieve their potential.

Be Part of Our Team

Our team at Eli Lilly is committed to excellence and driven by a mission to improve lives. Employees enjoy a supportive culture that values collaboration, creativity, and diversity. We believe that a diverse workforce fosters innovation and helps us better connect with the communities we serve.

Benefits and Culture

Eli Lilly is dedicated to supporting our employees, offering competitive benefits, wellness programs, and comprehensive health care. Our culture is built on a foundation of respect, integrity, and quality, making Eli Lilly not just a great place to work, but a community to grow with.

Networking and Professional Development

Eli Lilly encourages continuous professional development and networking. With access to various training programs and mentorship opportunities, employees can enhance their skills and advance their careers. Our leadership is committed to nurturing talent through effective training and development strategies.

Join Our Team

Discover the exciting job opportunities at Eli Lilly by exploring open positions that match your skills and interests. We are continuously hiring and looking for individuals who are passionate, innovative, and ready to contribute to our mission of making life better for people around the globe.

Stay Connected

Keep up to date with the latest at Eli Lilly by following our careers blog. Gain insights from industry leaders and get tips on everything from crafting the perfect resume to preparing for your interview. Eli Lilly is not just a company; it's a place where you can make a difference. Explore the positions available and find out how your talents can help change the world.

Stay ahead in your career with Eli Lilly, where innovation, leadership, and a commitment to diversity and growth lead the way to future advancements.

Learn more about Eli Lilly

  • Size: 35,000 employees
  • Market Cap: $344.2 billion
  • Industry
  • Net Income: $6.1 billion
  • Founded: 1876
  • 5 Year Trend: +5.9%
  • Revenue: $24.5 billion
  • NASDAQ
