Lilly is looking to reduce security risks and threats in applications and software through secure software development practices.
Requirements
- Strong experience with Secure Software Development Life Cycle (SSDLC) practices and methodologies
- Hands-on experience with security testing tools (SAST/DAST, fuzz testing, static analysis) and integrating them into SDLC processes
- Familiarity with common security threats, vulnerabilities (e.g., OWASP Top 10), and how to mitigate them
- Experience in DevOps/CI/CD pipelines and embedding security into these workflows
- Proficient in a high-level programming language
- Familiarity with cloud security (AWS, Azure, Google Cloud) and container security (Docker, Kubernetes, OpenShift)
Responsibilities
- Partner with AppSec and cyber leadership to prioritize identified security threats
- Lead efforts to assess, track, and mitigate risks through engagement with software development teams
- Guide teams to address security vulnerabilities by integrating solutions into development and operational workflows
- Develop and refine strategies that help teams respond to evolving threats, reducing their risk to production systems
- Mentor cross-functional teams, ensuring that developers, security engineers, and architects are aligned in driving down cyber threats
- Work with leadership and development teams to continuously improve threat mitigation and security integration processes
Other
- Bachelor's or master's degree in Computer Science, Information Security, or a related field, or equivalent practical experience
- 7+ years of experience in software development, with at least 3+ years in a cyber security or similar role
- Excellent communication skills, with the ability to effectively engage technical and non-technical stakeholders