Principal Security Engineer

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

What You'll Be Doing:

As a Security Engineer, you will serve as a technical lead for security consulting engagements and threat modeling initiatives. You will develop complex threat models, security architectures, and reference patterns while providing guidance on secure design principles. This role involves significant collaboration with various teams to integrate security practices into the development lifecycle and conducting security architecture briefings.

How You'll Succeed:

• Technical expertise: You will demonstrate strong domain knowledge in security engineering and threat modeling methodologies.

• Strategic thinking: Success requires the ability to develop reference architectures and integrate complex systems like Zero Trust architectures.

• Consultative approach: You will provide expert security consulting services and guidance to various teams and stakeholders.

• Leadership: Strong ability to lead technical initiatives and mentor other security professionals.

• Innovation: You will actively promote new security approaches and best practices across teams.

• Communication: Excellence in conveying complex security concepts to diverse audiences.

Key Responsibilities:

• Develop and conduct complex threat modeling exercises

• Create and maintain security architectures and design patterns

• Provide security consulting services across the organization

• Lead the integration of Zero Trust architectures and other complex systems

• Conduct security architecture briefings and workshops

• Develop and document security best practices

• Mentor junior security engineers

• Drive the adoption of security standards and patterns

• Perform security architecture reviews and assessments

• Contribute to reference architecture development

What You Should Bring:

• Deep understanding of threat modeling methodologies and frameworks

• Experience with security architecture design and implementation

• Strong background in security consulting and risk assessment

• Knowledge of Zero Trust principles and architecture

• Expertise in security frameworks (MITRE ATT&CK, STRIDE)

• Strong analytical and problem-solving abilities

• Excellence in technical documentation and communication

• Experience in mentoring and knowledge sharing

• Project management and strategic planning skills

• Commitment to continuous learning and professional development

Your Basic Qualifications:

• Bachelor's Degree in Computer Science, Information Security, or related field Or High School Diploma/GED with 4+ years of experience in Information Security

• At least 5+ years of cybersecurity or related experience

• Extensive experience in threat modeling and risk assessment

• Expertise in security architecture design

• Strong understanding of Zero Trust principles

• Proficiency in security consulting

• Excellence in technical documentation

• Advanced knowledge of security frameworks and methodologies

• Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly