Eli Lilly

Sr. Principal Security Engineer, Application Security Strategy & Architecture

Eli Lilly$126K — $224K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in Computer Science, Information Security, Software Engineering, or a related field.
  • At least 5 years of experience in application security, security architecture, or a closely related discipline.
  • Experience leading or architecting large-scale security or identity migrations in an enterprise setting.
  • Proficiency with GitHub enterprise environments and CI/CD security controls.
  • Experience evaluating and selecting enterprise-level security tooling, including SAST, DAST, or SCA platforms.

Responsibilities

  • Define and maintain architectural direction for Lilly's Secure SDLC program.
  • Communicate program-level execution risks and dependencies with the Director of Application Security.
  • Translate compliance and audit requirements into actionable security architecture.
  • Lead evaluations of security tooling across various categories.
  • Assess vendor capabilities and make recommendations for security solutions.
  • Oversee security architecture for platform transformations ensuring AppSec requirements are integrated.
  • Provide technical guidance on complex implementation challenges and conduct security reviews.

Benefits

  • Flexible hybrid work model with three days onsite and two days remote each week.
  • Open to fully remote candidates depending on role requirements.
  • Comprehensive benefit program including medical, dental, and vision.
  • Eligibility for a company-sponsored 401(k) and pension plans.
  • Well-being benefits including employee assistance programs and fitness initiatives.
Full Job Description
What You'll Be Doing:

As a Sr. Principal Security Engineer, you will serve as a senior technical leader within the Security Architecture & Engineering (SAE) organization, leading strategy and architecture across Lilly's Application Security program. You will provide architectural direction, lead tool evaluation and selection, drive critical security transformation initiatives and serve as a trusted technical advisor to the Director of Application Security on program-level execution risk. This is a high-judgment, senior individual contributor role for someone who can operate at the strategic and architectural level while remaining credible in technical depth.

How You'll Succeed:
  • Architectural thinking: You design security solutions at a program level-defining reference architectures, evaluating build vs. buy tradeoffs, and ensuring that platform decisions made today don't create constraints tomorrow. You can translate a business or compliance requirement into an architectural pattern engineers can execute against.
  • Strategic tool evaluation: You know how to run a rigorous evaluation of security tooling-SAST, DAST, SCA, penetration testing platforms, and AI-augmented security tools. You can define criteria, structure a proof of concept, assess vendor capability against Lilly's environment, and make a defensible recommendation to leadership.
  • Program-level risk judgment: You identify where AppSec execution is at risk before things go wrong. You surface those risks clearly and come with options, not just concerns.
  • Enterprise transformation experience: You have led or architected large-scale security or identity migrations and understand the full scope of what breaks when a foundational platform changes. You know how to sequence a program-level effort, run dependencies, and keep security coverage intact through the transition.
  • Engineering credibility: You can engage at a technical level with security engineers and software developers alike. You understand CI/CD pipelines, developer workflows, and how AppSec controls interact with the systems they protect.
  • Developer partnership: You build trust with engineering teams by understanding their constraints and framing security requirements as solvable engineering problems-not mandates.

Key Responsibilities:
AppSec Strategy & Architecture
  • Define and maintain the architectural direction for Lilly's Secure SDLC program, including SAST, DAST, SCA, secrets management, and software supply chain capabilities.
  • Partner with the Director of Application Security to identify and communicate program-level execution risks and dependencies.
  • Translate regulatory, compliance, and audit requirements into security architecture that engineering teams can implement and sustain.


Tool Evaluation & Selection
  • Lead structured evaluations of security tooling across SAST, DAST, SCA, penetration testing, and AI-augmented security platforms.
  • Define evaluation criteria, design proof-of-concept engagements, assess vendor capabilities against Lilly's environment and scale, and produce recommendation packages for leadership decision-making.
  • Maintain awareness of the AppSec tooling landscape and advise on emerging capabilities-including AI-driven security tools-that warrant evaluation or adoption.
  • Partner with procurement, legal, and engineering collaborators to support vendor selection and contract alignment.


Enterprise Platform Security Transformation
  • Serve as the AppSec architecture lead for platform transformations, owning security architecture decisions and ensuring AppSec requirements are represented.
  • Assess and document the security impact of the migration on existing AppSec controls-identifying gaps in SAST, secrets scanning, and CI/CD security coverage that the migration creates and defining the remediation path.
  • Partner with engineering and platform teams to ensure security requirements are embedded into migration sequencing and cutover planning-not addressed after the fact.
  • Define security readiness criteria for each phase of the transformation and serve as the AppSec authority on go/no-go decisions at key transition points.


AppSec Execution Support
  • Provide senior technical guidance to AppSec engineers on complex implementation challenges, architecture decisions, and remediation approaches.
  • Conduct security reviews for high-risk applications, platforms, and infrastructure changes.
  • Support threat modeling engagements for major product initiatives and platform changes across Lilly's development ecosystem.
  • Contribute to Lilly's Secure SDLC standards and vulnerability management policy, ensuring policy is grounded in architectural reality and can be implemented through platform and pipeline controls.


Your Basic Qualifications:
  • Bachelor's Degree in Computer Science, Information Security, Software Engineering, or a related field.
  • At least 5 years of experience in application security, security architecture, or a closely related discipline.
  • Demonstrated experience leading or architecting a large-scale security, identity, or platform migration in an enterprise environment.
  • Hands-on experience with GitHub enterprise environments, including GitHub Actions, CI/CD security controls, and identity and access management patterns.
  • Experience evaluating and selecting enterprise security tooling, including SAST, DAST, or SCA platforms.
  • Familiarity with threat modeling methodologies and application security fundamentals (OWASP Top 10, CWE, secure coding practices).


What You Should Bring:
  • Deep familiarity with GitHub's identity and access model, including experience with or strong understanding of GitHub Enterprise Managed Users (EMU), SAML/OIDC federation, PAT governance, and GitHub Actions security controls.
  • Experience assessing the security implications of platform migrations-understanding what breaks, what coverage gaps are created, and how to sequence remediation.
  • Strong expertise in application security fundamentals-OWASP Top 10, CWE, secure coding practices, threat modeling, and vulnerability management.
  • Working knowledge of AppSec tooling ecosystems: SAST (Checkmarx or equivalent), DAST, SCA, and secrets scanning platforms.
  • Ability to communicate optimally to produce architectural documentation and present risk and recommendation to senior leadership.
  • Familiarity with secrets management platforms and software supply chain security patterns.
  • Awareness of AI-augmented security tooling and the ability to evaluate where AI meaningfully improves AppSec workflows versus where it introduces risk.
  • Working knowledge of cloud environments (AWS preferred) and containerized workloads in the context of security architecture.
  • Ability to operate as a senior individual contributor-providing architectural leadership and program-level judgment without requiring direct management authority to drive outcomes.


Location & Work Flexibility
This role is based at our Corporate Center in Indianapolis, IN. We offer a flexible hybrid work model, with three days onsite and two days working remotely each week, supporting both collaboration and work-life balance.

We are also open to considering fully remote candidates based on role requirements and business needs.

Actual compensation will depend on a candidate's education, experience, skills, and geographic location. The anticipated wage for this position is
$126,000 - $224,400

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly's compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly

About Eli Lilly

ICOS Corporation is a biotechnology company that engages in the discovery, development, and commercialization of therapeutic products. It is engaged in the commercialization of treatments for unmet medical conditions, such as benign prostatic hyperplasia, hypertension, pulmonary arterial hypertension, cancer, and inflammatory diseases. It is the developer of a treatment known as Cialis (tadalafil), a product for the treatment of erectile dysfunction through its joint venture with Eli Lilly and Company in North America and Europe. It is also engaged in contract manufacturing services for third parties. It is in a strategic alliance with Solvay Pharmaceuticals, Inc. ICOS Corporation was established in 1989, based in Bothell, Washington. It is currently operated by Eli Lilly and Company.

Eli Lilly Careers

Joining Eli Lilly offers an unparalleled opportunity to become part of a leading global team dedicated to creating a healthier future. As a company revered for its commitment to innovation and leadership in the pharmaceutical industry, Eli Lilly is where your professional journey can flourish. Work You’ll Do At Eli Lilly, we are passionate about transforming patient care and advancing medical innovation. Our team at Eli Lilly is at the forefront of developing groundbreaking solutions in healthcare. By joining us, you will collaborate with some of the brightest minds in the industry, using cutting-edge technology to make real-world impacts. Lead with Innovation and Leadership Eli Lilly stands out in the marketplace by integrating deep industry expertise with robust research and development efforts. We are looking for professionals who are eager to drive change and lead the way in developing therapeutic breakthroughs. Explore Job Opportunities and Growth Eli Lilly offers a variety of career paths, including full-time positions and internships, across multiple functions such as research, marketing, IT, and sales. Whether you are a seasoned professional or a recent graduate, Eli Lilly provides an environment that promotes career growth and learning opportunities. Our commitment to diversity and leadership training ensures that every employee can achieve their potential. Be Part of Our Team Our team at Eli Lilly is committed to excellence and driven by a mission to improve lives. Employees enjoy a supportive culture that values collaboration, creativity, and diversity. We believe that a diverse workforce fosters innovation and helps us better connect with the communities we serve. Benefits and Culture Eli Lilly is dedicated to supporting our employees, offering competitive benefits, wellness programs, and comprehensive health care. Our culture is built on a foundation of respect, integrity, and quality, making Eli Lilly not just a great place to work, but a community to grow with. Networking and Professional Development Eli Lilly encourages continuous professional development and networking. With access to various training programs and mentorship opportunities, employees can enhance their skills and advance their careers. Our leadership is committed to nurturing talent through effective training and development strategies. Join Our Team Discover the exciting job opportunities at Eli Lilly by exploring open positions that match your skills and interests. We are continuously hiring and looking for individuals who are passionate, innovative, and ready to contribute to our mission of making life better for people around the globe. Stay Connected Keep up to date with the latest at Eli Lilly by following our careers blog. Gain insights from industry leaders and get tips on everything from crafting the perfect resume to preparing for your interview. Eli Lilly is not just a company—it's a place where you can make a difference. Explore the positions available and find out how your talents can help change the world. SEARCH ELI LILLY JOBS Stay ahead in your career with Eli Lilly, where innovation, leadership, and a commitment to diversity and growth lead the way to future advancements.
Learn more about Eli Lilly
Size
35,000 employees
Market Cap
$344.2 billion
Industry
Net Income
$6.1 billion
Founded
1876
5 Year Trend
+5.9%
Revenue
$24.5 billion
NASDAQ

Similar Jobs

More Jobs at Eli Lilly

More Information Technology Jobs

Find similar Sr. Principal Security Engineer, Application Security Strategy & Architecture jobs: