At Lilly, the work is demanding because patients are waiting. We unite caring with discovery to help make life better for people around the world, knowing that every decision, every detail, and every day matters. Headquartered in Indianapolis, Indiana, our over 50,000 employees around the globe take on complex challenges to discover and deliver life-changing medicines, strengthen how health is understood and managed, and support the communities we serve. This is hard, urgent, selfless work—but it’s work worth doing. If you’re driven by purpose and ready to bring your best to work that truly matters for patients, we invite you to join us.

Join Lilly’s Security Architecture and Engineering team as a Security Automation Engineer who builds the tools and automations that power our security work, and who can roll up their sleeves with development teams when they need a hand.

Lilly’s Security Architecture and Engineering team is looking for a Security Automation Engineer who is, first and foremost, a builder. Most of your time will go to designing and writing the automations and internal tooling that make our own security workflows faster and less manual, whether that means orchestrating tools, wiring up integrations, or replacing repetitive work with reliable software. You’ll also partner directly with development teams when it counts, reading their code, untangling vulnerabilities, and making security make sense in their language. You’re comfortable reaching for modern tools, including AI coding assistants, to figure things out and ship quickly, but you don’t need to be an AI specialist. If you’re a strong, self-directed engineer who likes owning problems end to end, we encourage you to apply and help us protect the medicines and the patients who depend on Lilly.

What You’ll Be Doing

As a Security Automation Engineer, you will spend most of your time as a builder, designing and writing automations and internal tooling that streamline our security team’s own workflows, from triage and reporting to evidence gathering, scan orchestration, and the repetitive work that slows us down. You’ll also serve as a hands-on partner to software engineering teams across Lilly, helping them remediate vulnerabilities and turning findings, standards, and threat models into clear, practical guidance. You are the kind of engineer who can take an ambiguous problem, figure it out, and ship a working solution with whatever modern tooling gets you there fastest, including AI coding assistants.

How You’ll Succeed

• Design, write, and maintain automated workflows and internal tooling to streamline the security team’s workflows: triage, reporting, evidence gathering, scan orchestration, and repetitive review tasks.
• Build integrations across the security stack (scanners, ticketing, source control, cloud, and asset systems) so information flows automatically rather than by hand.
• Hunt down manual, repetitive work across the team and replace it with reliable, well-documented automation workflows.
• Stand up and improve the pipelines and services the team relies on day to day, with an eye toward reliability and maintainability.
• Prototype quickly using modern tooling, including AI coding assistants, then harden what works into durable tools.
• Operate as a self-directed “figure it out” engineer, taking ambiguous problems end-to-end with minimal direction.
• Partner with development teams when it counts, pairing in their codebases to remediate vulnerabilities and explaining the reasoning behind each fix.
• Translate security findings, standards, and threat models into clear, actionable guidance tailored to each team’s context.
• Share the tools and patterns you build so teams can adopt secure-by-default practices on their own.
  
  
  

What You Should Bring

• Strong general-purpose programming skills and a bias toward automating repetitive work rather than doing it by hand.
• Experience building integrations, services, scripts, or internal tools that connect systems and remove manual steps.
• Experience automating or orchestrating security or DevOps tooling such as scanners, pipelines, ticketing, or cloud APIs.
• Ability to take ambiguous problems and deliver working solutions with minimal direction.
• Comfort using AI coding assistants such as Claude Code to prototype and ship (no AI or machine-learning engineering background required).
• Comfort partnering with and coaching developers, explaining security clearly, and meeting teams where they are.
• Familiarity with application security fundamentals such as the OWASP Top 10, CWE, secure coding practices, and threat modeling.
• Experience helping teams interpret and remediate findings from SAST, DAST, SCA, or secret-scanning tools.
• Working knowledge of modern CI/CD pipelines and cloud environments.
• Relevant certifications (e.g., CSSLP, GIAC GWEB/GSSP, OSCP, or similar) are preferred, but not required.
  
  
  

Basic Requirements

• Minimum of a High School Diploma/GED
• At least 1 year of professional software development experience with individual contributions to production systems
• Demonstrated production coding experience in at least one of: Python, TypeScript/JavaScript, Java, Go, or C#, not solely in an advisory, review, or scripting capacity
• Experience building automation, integrations, or internal tooling
• Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization or visas for this role, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1.
  
  
  

Additional Information

• Bachelor’s Degree in Computer Science, Information Security, Software Engineering, or a related technical field preferred
• Position requires 5-10% travel
• Position located in Indianapolis, Indiana working in a hybrid model (three days onsite, two days remote each week)
• Fully remote candidates may be considered based on location, role requirements and business needs
  
  
  

Organization Overview

Lilly IT builds and maintains capabilities using cutting edge technologies like most prominent tech companies. What differentiates Lilly IT is that we redefine what’s possible through tech to advance our purpose, creating medicines that make life better for people around the world, like data driven drug discovery and connected clinical trials. We hire the best technology professionals from a variety of backgrounds, so they can bring an assortment of knowledge, skills, and diverse thinking to deliver innovative solutions in every area of our business.

Lilly’s Information Security organization drives innovative, data-driven, and risk-based solutions that help enable and protect Lilly. From medicines discovery to manufacturing and delivery to patients, we solve some of the world’s most challenging problems through our threat hunting, attack surface reduction and risk management practices.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia (AMECA), Black Employees at Lilly (BE@Lilly), Chinese Culture Network (CCN), EnAble, Evolve, Lilly Indian Network (LIN), Organization of Latinx at Lilly (OLA), Pride (LGBTQ+ Allies), Veterans Leadership Network (VLN) and Women’s Initiative for Leading at Lilly (WILL).

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is

$64,500 - $158,400

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly