Application Security Engineer

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Eli Lilly Cork is made up of a talented diverse team of over 1,600 employees across 38 nationalities who deliver innovative solutions that add value across a variety of Business Service functions including Finance, Information Technology, Medical, Clinical Trials and more.

Eli Lilly Cork offers a premium workspace across our campus in Little Island, complete with flexible hybrid working options, healthcare, pension and life assurance benefits, subsidised canteen, onsite gym, travel subsidies and on-site parking. Inhouse People Development services, Educational Assistance, and our ‘Live Your BEST Life’ wellbeing initiatives are just some of the holistic benefits that enhance the career experience for our colleagues.

Eli Lilly Cork is committed to diversity, equity and inclusion (DEI). We cater for all dimensions ensuring inclusion of all ethnicities, nationalities, cultural backgrounds, generations, sexuality, visible and invisible disabilities and gender, with four pillars: EnAble, Age & Culture, LGBTQ+ and GIN-Gender Inclusion Network. EnAble, our pillar for people with disabilities and those that care for them, partners with the Access Lilly initiative to make our physical and digital environment accessible and inclusive for all. Together they are committed to promoting awareness to create a disability confident culture both at Eli Lilly Cork and beyond.

Come join our team - Be Creative, Be an Innovator, and most of all, Be Yourself.

What You'll Be Doing:

As an Application Security Engineer at Lilly on the Security Architecture and Engineering team, you will play a pivotal role in ensuring the security of our software development lifecycle (SDLC). Your primary responsibility will be to integrate application security testing tools into the development and deployment pipeline, ensuring that every step of the SDLC follows security best practices. You will partner with engineering teams to enable secure coding practices, conduct security testing, and coordinate vulnerability remediation efforts. Additionally, you will collaborate with various stakeholders across the organization to develop and implement application security strategies.

How You'll Succeed:

• Technical expertise: As an Application Security Engineer, you will leverage your deep technical knowledge of application security concepts, tools, and best practices to implement tailored security solutions and effectively mitigate threats and risks.
• Problem-solving skills: Adept problem-solving abilities are crucial in quickly identifying and addressing security issues, ensuring the development and delivery of robust and secure applications in a timely manner.
• Collaboration and communication skills: You will actively collaborate with both local and remote team members, playing a pivotal role in defining, designing, and executing application security strategies. Excellent communication skills are essential for this role, as you will need to engage with both technical and non-technical audiences, including software developers, DevOps teams, and other stakeholders.
• Agility: The ability to quickly adapt to the changing threat landscape and move at the pace of the adversary is critical to success in this role.
• Knowledge of application security trends: This role requires staying abreast of the latest developments in application security, including emerging threats, tools, and best practices, and integrating these insights into our practices.
• Balancing security and operational needs: You will balance stringent security guidelines with operational requirements, maintaining the desired corporate security posture while demonstrating empathy and understanding towards the engineering teams' challenges and needs.

Key Responsibilities:

• Lead and deliver the integration of security testing tools in the Software Development Lifecycle (SDLC), including Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST) tools.
• Partner with DevOps teams to build security testing and verification into the application development and deployment processes.
• Secure containers in on-prem and cloud container hosting services, collaborating with Cloud Service delivery teams to ensure secure configuration and deployment.
• Build relationships with internal and external customers, partnering with them to monitor and coordinate the remediation of vulnerabilities.
• Develop and maintain technical specifications, design patterns, standards, and security guidance, with a particular emphasis on application security.
• Perform threat analysis and modeling to enable business and technical partners to deliver secure solutions integrated with the SecOps lifecycle.
• Coordinate with other cybersecurity teams to drive key vulnerability remediation initiatives.
• Triage newly identified critical vulnerabilities and zero-day vulnerabilities, assess the threat and impact, and manage escalation processes for remediation based on risk.
• Continuously improve processes and procedures, including reporting exceptions/risk acceptance for further review and escalation to the appropriate risk owners.
• Interact with stakeholders to develop and fine-tune the process of how application security metrics are calculated and communicated.

Your Basic Qualifications:

• Bachelor's degree in Cyber Security, Computer Science, Information Technology, or related field Or
• High School Diploma/GED with 4+ years of experience in Cyber Security, Information Technology, or related field. And
• 2-6 years of demonstrated experience in application security, with a strong focus on integrating security into the SDLC.
• Proficiency in DevSecOps practices and conducting end-to-end security testing of applications.
• Experience with evaluating, mitigating and prioritizing application security vulnerabilities, using manual testing methods and/or industry standard commercial or open-source tools.
• Experience with automating processes for security testing, escalating, and reporting through scripting and working with APIs.
• Knowledge of and ability to apply frameworks such as OWASP Top 10 and MITRE ATT&CK Framework.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form ([https://careers.lilly.com/us/en/workplace-accommodation>) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

#WeAreLilly