More jobs:
Sr. Principal Security Engineer, Application Security Strategy & Architecture
Job in
Indiana Borough, Indiana County, Pennsylvania, 15705, USA
Listed on 2026-07-08
Listing for:
Scorpion Therapeutics
Full Time
position Listed on 2026-07-08
Job specializations:
-
IT/Tech
Cybersecurity, Systems Engineer
Job Description & How to Apply Below
What You’ll Be Doing
- Lead strategy and architecture across Lilly’s Application Security (App Sec) program as a senior technical leader within Security Architecture & Engineering (SAE).
- Provide architectural direction, lead tool evaluation and selection, drive security transformation initiatives, and advise on program-level execution risk.
- Define program-level reference architectures and translate regulatory/compliance requirements into patterns engineers can execute.
- App Sec Strategy & Architecture:
Define and maintain Secure SDLC architecture (SAST, DAST, SCA, secrets management, software supply chain); partner to identify program risks/dependencies; translate regulatory/audit requirements into implementable architecture. - Tool Evaluation & Selection:
Lead structured evaluations across SAST/DAST/SCA/pen testing/AI-augmented tools; define criteria, run proofs of concept, assess vendor fit/scale, and recommend to leadership; advise on emerging capabilities. - Enterprise Platform Security Transformation:
Own security architecture during platform transformations; assess migration impact on App Sec controls (gaps in SAST/secrets scanning/CI/CD) and define remediation; embed requirements into sequencing/cutover; define readiness criteria and go/no-go decisions. - App Sec Execution Support:
Guide complex implementations; conduct security reviews; support threat modeling; contribute to Secure SDLC standards and vulnerability management policy.
- Bachelor’s in CS/Info Sec/Software Engineering or related field.
- 5+ years in application security, security architecture, or related.
- Large-scale security/identity/platform migration experience.
- Hands‑on Git Hub Enterprise (Git Hub Actions, CI/CD security controls, IAM patterns).
- Experience evaluating/selecting SAST/DAST/SCA tooling.
- Threat modeling and App Sec fundamentals (OWASP Top 10, CWE, secure coding).
- Deep Git Hub identity/IAM knowledge (EMU, SAML/OIDC, PAT governance, Actions security).
- App Sec migration impact assessment; strong App Sec fundamentals and vulnerability management.
- Familiarity with App Sec tools (e.g., SAST like Checkmarx or equivalent; DAST/SCA/secrets scanning).
- Ability to create architectural documentation and present risk/recommendations to senior leadership.
- Secrets management and software supply chain security patterns; awareness of AI-augmented security tools.
- Working knowledge of cloud (AWS preferred) and containers.
- Operate as a senior individual contributor (architectural leadership without direct management authority).
- Corporate Center (Indianapolis, IN); hybrid (3 days onsite/2 days remote); fully remote may be considered.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×