Security Automation Engineer

About The Position

Requirements

• Strong general-purpose programming skills and a bias toward automating repetitive work rather than doing it by hand.
• Experience building integrations, services, scripts, or internal tools that connect systems and remove manual steps.
• Experience automating or orchestrating security or DevOps tooling such as scanners, pipelines, ticketing, or cloud APIs.
• Ability to take ambiguous problems and deliver working solutions with minimal direction.
• Comfort using AI coding assistants such as Claude Code to prototype and ship (no AI or machine-learning engineering background required).
• Comfort partnering with and coaching developers, explaining security clearly, and meeting teams where they are.
• Familiarity with application security fundamentals such as the OWASP Top 10, CWE, secure coding practices, and threat modeling.
• Experience helping teams interpret and remediate findings from SAST, DAST, SCA, or secret-scanning tools.
• Working knowledge of modern CI/CD pipelines and cloud environments.
• Minimum of a High School Diploma/GED
• At least 1 year of professional software development experience with individual contributions to production systems
• Demonstrated production coding experience in at least one of: Python, TypeScript/JavaScript, Java, Go, or C#, not solely in an advisory, review, or scripting capacity
• Experience building automation, integrations, or internal tooling
• Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization and visas for this role, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1.

Nice To Haves

• Relevant certifications (e.g., CSSLP, GIAC GWEB/GSSP, OSCP, or similar) are preferred, but not required.
• Bachelor’s Degree in Computer Science, Information Security, Software Engineering, or a related technical field preferred

Responsibilities

• Design, write, and maintain automated workflows and internal tooling to streamline the security team’s workflows: triage, reporting, evidence gathering, scan orchestration, and repetitive review tasks.
• Build integrations across the security stack (scanners, ticketing, source control, cloud, and asset systems) so information flows automatically rather than by hand.
• Hunt down manual, repetitive work across the team and replace it with reliable, well-documented automation workflows.
• Stand up and improve the pipelines and services the team relies on day to day, with an eye toward reliability and maintainability.
• Prototype quickly using modern tooling, including AI coding assistants, then harden what works into durable tools.
• Operate as a self-directed “figure it out” engineer, taking ambiguous problems end-to-end with minimal direction.
• Partner with development teams when it counts, pairing in their codebases to remediate vulnerabilities and explaining the reasoning behind each fix.
• Translate security findings, standards, and threat models into clear, actionable guidance tailored to each team’s context.
• Share the tools and patterns you build so teams can adopt secure-by-default practices on their own.

Benefits

• company bonus (depending, in part, on company and individual performance)
• company-sponsored 401(k)
• pension
• vacation benefits
• medical, dental, vision and prescription drug benefits
• flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts)
• life insurance and death benefits
• certain time off and leave of absence benefits
• well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities)