Sr. Principal Security Engineer, Application Security & Automation
Job in Indianapolis, Marion County, Indiana, 46202, USA
Listed on 2026-06-14
Listing for: Lilly
Full Time position
Job specializations:
- IT/Tech
Cybersecurity, AI Engineer (Applied/Software)
Job Description & How to Apply Below
We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world.
**What You'll Be Doing:**
As an Application Security Engineer, you will operate at the intersection of software engineering and security engineering - leading platforms, writing code, building integrations, and designing automation. You will take part in Lilly's Secure SDLC program end-to-end, including SAST, DAST, SCA, and secret scanning tooling; secrets management; and our emerging software supply chain capabilities. You will use technology and apply LLM-based approaches to secure application and architecture design, vulnerability triage and remediation, and the delivery of secure-by-default patterns across Lilly's development ecosystem.
**How You'll Succeed:**
+ **Engineering-first mentality:** You bring real software development experience and treat security problems as engineering problems, automating what can be automated, integrating deeply with developer workflows, and writing production-quality code.
+ **AI fluency:** You are genuinely excited about LLMs and agentic tooling and have built things with them. You understand MCP, agent harnesses, and how to wire LLMs into real workflows - and you can tell where AI meaningfully accelerates security work versus where it shouldn't be trusted.
+ **Platform management:** Success requires running AppSec tooling as platforms with clear SLAs, telemetry, and continuous improvement rather than one-off scans and tickets.
+ **Secure coding credibility:** You have written code in multiple languages and ecosystems and can speak the developer's language. When you flag a finding or propose a control, engineers trust that you understand the tradeoffs.
+ **Developer partnership:** You build leverage through partnership - meeting development teams where they are, shipping secure-by-default patterns, and making the secure path the path of least resistance.
+ **Build system security:** You understand that CI/CD is itself a high-value target. You have opinions on GitHub Actions OIDC, pinning actions to commit SHAs, least-privilege runners, and protecting secrets and artifacts as they move through the pipeline.
**Key Responsibilities:**
+ Evolve one or more AppSec platforms within the Secure SDLC program.
+ Design and build automation within Security Architecture and Engineering.
+ Apply LLMs, agentic frameworks, MCP servers, and tool-calling patterns.
+ Partner with development teams on secure coding practices, threat modeling, and remediation of findings from SAST, DAST, SCA, and secret scanning tools.
+ Contribute to Lilly's Secure SDLC standards and vulnerability management policy, translating policy into enforceable pipeline and platform controls.
+ Support the secrets management rollout and migration of applications off legacy secret stores, including code-level guidance for SDK-based and injected consumption patterns.
+ Produce developer-facing content, reference architectures, secure patterns, short-form instructional content and reusable code samples.
+ Harden Lilly's CI/CD environment against software supply chain attacks - pinned actions, OIDC-based cloud auth, runner isolation, workflow permissions, and protection of build-time secrets and artifacts.
+ Partner with the Cloud Security team on Infrastructure-as-Code (IaC) security - extending secure-by-default patterns and developer guardrails from application code into the infrastructure that runs it.
**Your Basic Qualifications:**
+ Bachelor's Degree in Computer Science, Information Security, Software Engineering, or related fields.
+ At least 2 years of dedicated application security experience.
+ At least 2 years of software development experience with…