At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

What You'll Be Doing: 

As an Application Security Engineer, you will focus on securing applications throughout the development lifecycle by developing threat models and conducting security risk analysis, implementing application security tools, and providing security guidance to development teams. You will perform vulnerability assessments of applications, educate developers on secure coding practices, and work directly with engineering teams to remediate identified security issues. This role involves translating security findings into practical remediation steps while building security capabilities within development teams.

How You'll Succeed:

Technical expertise: You will demonstrate deep knowledge of application security testing methodologies, secure coding practices, and vulnerability assessment across diverse development environments.Risk Analysis: Success requires the ability to conduct comprehensive security risk assessments and develop actionable threat models.Developer partnership: Success requires the ability to work effectively with development teams, providing security guidance and building security awareness through education and consultation.Vulnerability management: You will effectively identify, prioritize, and guide remediation of application security vulnerabilities while helping to ensure timely resolution.Security tooling: Strong ability to implement, configure, and optimize SAST tools and other application security testing solutions.Educational leadership: You will guide developers on secure coding practices and help build security knowledge across engineering teams.

Key Responsibilities:

Conduct security risk assessments and static application security testing (SAST)Collaborate with DevOps teams to integrate security testing into CI/CD pipelinesProvide security consultation and guidance to development teams during the SDLCEducate developers on secure coding practices and vulnerability remediation techniquesAnalyze application security scan results and prioritize findings based on riskCreate secure development materials, reference guides, and secure patterns.Assist with the tracking and reporting of application security metrics and remediation progressPerform dynamic application security testing (DAST) as needed

What You Should Bring:

Strong technical expertise in application security coding practices and testing methodologiesExperience with SAST, DAST, and ASPM tools (e.g., Checkmarx, Burp Suite)Proven track record of conducting security risk assessments and vulnerability assessmentsKnowledge of common application vulnerabilities (OWASP Top 10, CWE) and remediation techniquesUnderstanding of multiple programming languages and frameworksExperience with DevSecOps practices and CI/CD pipeline security integration in a GitHub environmentStrong communication skillsAbility to work collaboratively with development teams and translate security requirements into actionable guidanceCommitment to staying current with emerging application security threats and testing technologies

Your Basic Minimum Qualifications:

High School Diploma/GEDAt least five years of experience in application security, secure code review, or related disciplineQualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) now or in the future.

Other Information:

Candidates in the Indianapolis area will work at the Lilly Corporate Center on a hybrid schedule

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

$63,750 - $180,400

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly