Security Engineer

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world.

Main Attributes

• Job description: Contribute as a hands-on security engineer, validating security controls, supporting and participating in threat modeling exercises, and helping integrate security practices into technology projects.

• Qualifications: Strong technical foundation, exposure to threat modeling and secure design principles, good analytical skills, and a demonstrated interest in Cybersecurity and consulting.

• Key responsibilities: Participate in threat modeling, develop and validate security controls, support security assessments, and contribute to secure solution development.

• Team management & collaboration: Build relationships and work closely and support developers, architects, and operations teams; and contribute to innovative, practical security solutions.

What You'll Be Doing

• Participate in security consulting engagements and threat modeling sessions.

• Consult on security control design and support effectiveness assessments during system development and testing.

• Support security operations and consulting by contributing scripts, automation, or analysis tooling.

• Contribute to secure design reviews and provide recommendations.

• Collaborate with developers and architects to proactively integrate security into project planning and design.

• Assist with preparing security documentation, patterns, and knowledge sharing.

How You'll Succeed

• Technical expertise: Build hands-on skills in security testing, control implementation, and threat modeling.

• Problem-solving: Apply analytical thinking to identify risks and propose mitigations.

• Collaboration: Work effectively with cross-functional teams to integrate security into workflows.

• Learning mindset: Proactively develop knowledge of frameworks, tools, and secure coding practices.

• Innovation: Suggest improvements and support adoption of new security tools and methods.

• Communication: Document and explain findings clearly for both technical and non-technical audiences.

Key Responsibilities

• Participate in threat modeling exercises and document risks, mitigations, and recommendations.

• Consult on security control design and support validation of effectiveness during system development and testing.

• Support operations and consulting by contributing scripts, automation, or analysis tooling.

• Contribute to secure design reviews and provide input to strengthen architecture security.

• Partner with developers, infrastructure teams, and architects to shift security left by embedding requirements early in design and development.

• Assist in preparing security documentation, standards, and knowledge-sharing materials.

• Collaborate with senior engineers to learn and apply security frameworks, tools, and Cybersecurity best practices.

What You Should Bring

• Exposure to secure design principles and security architecture concepts.

• Familiarity with security controls and how they are validated in system design and testing.

• Experience (or strong interest) in scripting, automation, or tooling to support operations and consulting.

• Strong analytical and problem-solving skills with attention to detail.

• Ability to clearly document technical work and explain findings to peers and stakeholders.

• Interest in modern security approaches such as Zero Trust and cloud-native security.

• Commitment to continuous learning and professional development in cybersecurity.

Basic Qualifications

• Bachelor's Degree

• 0-5 years of experience in cybersecurity, security engineering, or a related technical role.
• Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) now or in the future.

Core Technical Competencies

• Strong analytical and problem-solving abilities with a foundational understanding of threat modeling and risk assessment methodologies.

• Exposure to secure design principles and security architecture concepts.

• Ability to support validation of security controls in system design and testing.

• Experience or interest in scripting, automation, or tooling to assist security operations and consulting.

• Familiarity with, or eagerness to learn, security frameworks and methodologies (e.g., MITRE ATT&CK, STRIDE, NIST).

• Ability to produce clear technical documentation and communicate findings effectively.

• Understanding of shift-left principles and early integration of security into development and project lifecycles.

• Willingness to learn and adopt new security tools, practices, and technologies.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form ( for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women's Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate's education, experience, skills, and geographic location. The anticipated wage for this position is
$63,750 - $180,400

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly's compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly