Eli Lilly and Company

Senior Security Engineer

Chester, Maryland, United States

Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
HealthcareIndustries

About Lilly

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Employment Type: Full time

What You'll Be Doing

As an Application Security Engineer, you will focus on securing applications throughout the development lifecycle by developing threat models and conducting security risk analysis, implementing application security tools, and providing security guidance to development teams. You will perform vulnerability assessments of applications, educate developers on secure coding practices, and work directly with engineering teams to remediate identified security issues. This role involves translating security findings into practical remediation steps while building security capabilities within development teams.

How You'll Succeed

  • Technical expertise: Demonstrate deep knowledge of application security testing methodologies, secure coding practices, and vulnerability assessment across diverse development environments.
  • Risk Analysis: Conduct comprehensive security risk assessments and develop actionable threat models.
  • Developer partnership: Work effectively with development teams, providing security guidance and building security awareness through education and consultation.
  • Vulnerability management: Effectively identify, prioritize, and guide remediation of application security vulnerabilities while helping to ensure timely resolution.
  • Security tooling: Implement, configure, and optimize SAST tools and other application security testing solutions.
  • Educational leadership: Guide developers on secure coding practices and help build security knowledge across engineering teams.

Key Responsibilities

  • Conduct security risk assessments and static application security testing (SAST)
  • Collaborate with DevOps teams to integrate security testing into CI/CD pipelines
  • Provide security consultation and guidance to development teams during the SDLC
  • Educate developers on secure coding practices and vulnerability remediation techniques
  • Analyze application security scan results and prioritize findings based on risk
  • Create secure development materials, reference guides, and secure patterns.
  • Assist with the tracking and reporting of application security metrics and remediation progress
  • Perform dynamic application security testing (DAST) as needed

What You Should Bring

  • Strong technical expertise in application security coding practices and testing methodologies
  • Experience with SAST, DAST, and ASPM tools (e.g., Checkmarx, Burp Suite)
  • Proven track record of conducting security risk assessments and vulnerability assessments
  • Knowledge of common application vulnerabilities (OWASP Top 10, CWE) and remediation techniques
  • Understanding of multiple programming languages and frameworks
  • Experience with DevSecOps practices and CI/CD pipeline security integration in a GitHub environment
  • Strong communication skills
  • Ability to work collaboratively with development teams and translate security requirements into actionable guidance
  • Commitment to staying current with emerging application security threats and testing technologies

Your Basic Minimum Qualifications

  • High School Diploma/GED
  • At least five years of experience in application security, secure code review, or related discipline
  • Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) now or in the future.

Skills

Application Security
Threat Modeling
Security Risk Analysis
Vulnerability Assessment
Secure Coding Practices
Security Tooling
Remediation

Eli Lilly and Company

Develops and delivers prescription medicines globally

About Eli Lilly and Company

Eli Lilly and Company is a global pharmaceutical company that focuses on discovering, developing, and delivering medicines to improve health. The company has a long history of scientific achievements, including the creation of insulin, the first life-saving treatment for diabetes. Lilly's operations involve extensive research and development to create new medications and enhance existing ones, ensuring they are safe and effective. Their products are primarily prescription medicines sold to healthcare providers for various medical conditions, including diabetes, cancer, and pain management. What sets Lilly apart from its competitors is its strong commitment to ethical practices and the protection of its products from counterfeiting. The company's goal is to enhance lives through innovative medical solutions while maintaining high standards of quality and ethics.

Indianapolis, IndianaHeadquarters
1876Year Founded
$1,180.1MTotal Funding
IPOCompany Stage
Biotechnology, HealthcareIndustries
10,001+Employees

Risks

Competition from Novo Nordisk's Ozempic may impact tirzepatide's market share.
Potential construction delays in Indiana could affect GLP-1 drug production timelines.
Regulatory challenges may hinder Kisunla's expansion in new Alzheimer's markets.

Differentiation

Eli Lilly's rich history includes the first life-saving insulin treatment.
Lilly's strategic partnerships enhance its position in neurodegenerative disease treatments.
FDA approval of Zepbound opens new therapeutic markets for sleep disorder treatments.

Upsides

Lilly's $9 billion complex in Indiana boosts GLP-1 drug production capacity.
Kisunla's approval in China expands Lilly's Alzheimer's treatment market in Asia.
Collaboration with EVA Pharma enhances Lilly's reputation as socially responsible.

Land your dream remote job 3x faster with AI