At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

YOUR BASIC MINIMUM QUALIFICATIONS:

• High School Diploma/GED
• At least five years of experience in application security, secure code review, or related discipline
• Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) now or in the future.

WHAT YOU’LL BE DOING:

As an Application Security Engineer, you will focus on securing applications throughout the development lifecycle by developing threat models and conducting security risk analysis, implementing application security tools, and providing security guidance to development teams. You will perform vulnerability assessments of applications, educate developers on secure coding practices, and work directly with engineering teams to remediate identified security issues. This role involves translating security findings into practical remediation steps while building security capabilities within development teams.

KEY RESPONSIBILITIES:

• Conduct security risk assessments and static application security testing (SAST)
• Collaborate with DevOps teams to integrate security testing into CI/CD pipelines
• Provide security consultation and guidance to development teams during the SDLC
• Educate developers on secure coding practices and vulnerability remediation techniques
• Analyze application security scan results and prioritize findings based on risk
• Create secure development materials, reference guides, and secure patterns.Assist with the tracking and reporting of application security metrics and remediation progress
• Perform dynamic application security testing (DAST) as needed