Senior Application Security Engineer

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees work to discover and bring life‑changing medicines, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work and put people first.

Eli Lilly Cork is a diverse team of over 2,000 employees across 60 nationalities located on the Little Island campus. The campus offers a premium workspace, flexible hybrid working options, a full benefits package (healthcare, pension, life assurance), a subsidised canteen, onsite gym, travel subsidies, on‑site parking, people development services, educational assistance, and wellbeing initiatives such as "Live Your BEST Life."

Eli Lilly Cork is committed to diversity, equity and inclusion (DEI) and promotes an inclusive culture through four pillars: EnAble, Age & Culture, LGBTQ+ and GIN‑Gender Inclusion Network. We partner with the Access Lilly initiative to make our physical and digital environment accessible.

As an Application Security Engineer on the Security Architecture and Engineering team, you will play a pivotal role in ensuring the security of our software development lifecycle (SDLC). Your primary responsibility is to integrate application security testing tools into the development and deployment pipeline, enabling secure coding practices, conducting security testing, and coordinating vulnerability remediation. You will collaborate with engineering teams and stakeholders to develop and implement application security strategies.

• 
  
• Leverage deep technical knowledge of application security concepts, tools, and best practices to implement tailored solutions and mitigate threats.
  
• Apply problem‑solving skills to quickly identify and address security issues, ensuring robust and secure application delivery.
  
• Collaborate effectively with local and remote team members, defining, designing, and executing application security strategies while communicating across technical and non‑technical audiences.
  
• Maintain agility to adapt to the evolving threat landscape and operate at the pace of the adversary.
  
• Stay abreast of application security trends, emerging threats, tools, and best practices, and integrate insights into our practices.
  
• Balance stringent security guidelines with operational needs, demonstrating empathy toward engineering teams’ challenges.
  

• 
  
• Lead integration of security testing tools in the SDLC (SAST, SCA, secrets scanning, DAST).
  
• Support secrets management practices and tooling.
  
• Partner with DevOps to embed security testing and verification into development and deployment processes.
  
• Secure containers in on‑prem and cloud hosting services, collaborating with Cloud Service Delivery teams.
  
• Build relationships with internal and external customers to monitor and coordinate vulnerability remediation.
  
• Develop and maintain technical specifications, design patterns, standards, and security guidance focused on application security.
  
• Perform threat analysis and modeling to enable secure solution delivery integrated with SecOps.
  
• Coordinate with other cybersecurity teams to drive vulnerability remediation initiatives.
  
• Triage newly identified critical and zero‑day vulnerabilities, assess threat and impact, and manage escalation for remediation.
  
• Continuously improve processes and procedures, reporting exceptions/risk acceptance for review and escalation to risk owners.
  
• Engage stakeholders to develop and fine‑tune application security metrics calculation and communication.
  

• 
  
• Bachelor’s degree in Cyber Security, Computer Science, Information Technology, or related field.
  
• High School Diploma/GED with 4+ years of experience in Cyber Security, Information Technology, or related field.
  
• 2–6 years of demonstrated experience in application security, focusing on integrating security into the SDLC.
  
• Proficiency in DevSecOps practices and end‑to‑end security testing of applications.
  

• 
  
• Experience evaluating, mitigating, and prioritizing application security vulnerabilities using manual testing and commercial or open‑source tools.
  
• Experience automating security testing processes, escalation, and reporting through scripting and APIs.
  
• Knowledge of and ability to apply frameworks such as OWASP Top 10 and MITRE ATT&CK Framework.
  

Lilly is dedicated to helping individuals with disabilities actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form ( ) for further assistance. This form is for individuals to request an accommodation as part of the application process; any other correspondence will not receive a response. xcfaprz

Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.