Senior Principal Security Engineer, Application Security – Automation
Eli Lilly and Company
Application Security Engineer advancing Lilly's Secure SDLC program through engineering, automation, and applied AI. Evolving core AppSec platforms and building automation and AI tooling.
Tech Stack
Tools & technologies: Cloud, Go, Java, JavaScript, Python, SDLC, TypeScript
About the role
Key responsibilities & impact
- Evolve one or more AppSec platforms within the Secure SDLC program
- Design and build automation within Security Architecture and Engineering
- Apply LLMs, agentic frameworks, MCP servers, and tool-calling patterns
- Partner with development teams on secure coding practices, threat modeling, and remediation of findings from SAST, DAST, SCA, and secret scanning tools
- Contribute to Lilly's Secure SDLC standards and vulnerability management policy, translating policy into enforceable pipeline and platform controls
- Support the secrets management rollout and migration of applications off legacy secret stores, including code-level guidance for SDK-based and injected consumption patterns
- Produce developer-facing content, reference architectures, secure patterns, short-form instructional content and reusable code samples
- Harden Lilly's CI/CD environment against software supply chain attacks: pinned actions, OIDC-based cloud auth, runner isolation, workflow permissions, and protection of build-time secrets and artifacts
- Partner with the Cloud Security team on Infrastructure-as-Code (IaC) security — extending secure-by-default patterns and developer guardrails from application code into the infrastructure that runs it
Requirements
What you’ll need
- Bachelor's Degree in Computer Science, Information Security, Software Engineering, or related fields
- At least 2 years of dedicated application security experience
- At least 2 years of software development experience with individual contributions to production systems
- At least a total of 5 years of combined experience across both rigors
- Demonstrated production coding experience in at least one of: Python, TypeScript/JavaScript, Java, Go, or C# — not solely in an advisory, review, or scripting capacity
- Experience building or integrating security automation within a GitHub environment, including GitHub Actions
- Familiarity with threat modeling in a professional setting
- Hands-on experience with large language models (LLMs) in a professional or project context, such as prompt engineering, API integration, or workflow automation
Benefits
Comp & perks
- eligibility to participate in a company-sponsored 401(k)
- pension
- vacation benefits
- eligibility for medical, dental, vision and prescription drug benefits
- flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts)
- life insurance and death benefits
- certain time off and leave of absence benefits
- well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities)