Senior Engineer II - Cybersecurity

Organization Overview:
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. Weu2019re looking for people who are determined to make life better for people around the world.

Position Overview:

We are seeking a technically skilled and security-focused Senior Engineer II to join our cybersecurity team. This role is critical to enhancing the security posture of enterprise applications through the implementation of secure development practices, vulnerability scanning, and threat mitigation strategies.
Key Responsibilities:

• Lead the integration of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools into CI/CD pipelines.
• Conduct API DAST scans and manual assessments to identify and remediate high-severity vulnerabilities across enterprise applications.
• Drive onboarding and implementation of tools such as Checkmarx One, Qualys WAS, and other scanning platforms.
• Collaborate with development and DevOps teams to embed security into the software development lifecycle (DevSecOps).
• Provide technical guidance on secure coding practices and remediation strategies.
• Contribute to security architecture reviews and support threat modelling exercises.
• Maintain documentation of findings, remediation efforts, and tool configurations.
• Effectively communicate vulnerability findings, risk implications, and provide actionable remediation guidance to ensure secure and timely resolution.
• Participate in training sessions and workshops for development teams to promote secure coding practices, raise awareness of common vulnerabilities, and improve remediation effectiveness.

Required Qualifications

• Bacheloru2019s degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in cybersecurity, with a focus on application security and DevSecOps.
• Hands-on experience with SAST and DAST tools (e.g., Checkmarx, Qualys WAS, Burp Suite).
• Strong understanding of OWASP Top 10 and secure coding principles.
• Familiarity with CI/CD tools and pipelines (e.g., Jenkins, GitHub Actions).
• Excellent communication and documentation skills.

Preferred Qualifications

• Experience in manual vulnerability assessment and penetration testing.
• Exposure to enterprise security architecture and governance frameworks.
• Certifications such as OSCP, CEH, or CISSP are a plus.

What We Offer

• A collaborative and inclusive work environment.
• Opportunities to work on impactful projects that safeguard patient data and support global healthcare.
• Career development support and access to cutting-edge security technologies.

Additional Information:

u2022u00A0u00A0 u00A0Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form () for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lillyu00A0does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

#WeAreLilly