Security Automation Engineer

At Lilly, the work is demanding because patients are waiting. We unite caring with discovery to help make life better for people around the world, knowing that every decision, every detail, and every day matters. Headquartered in Indianapolis, Indiana, our over 50,000 employees around the globe take on complex challenges to discover and deliver life-changing medicines, strengthen how health is understood and managed, and support the communities we serve. This is hard, urgent, selfless work—but it's work worth doing. If you're driven by purpose and ready to bring your best to work that truly matters for patients, we invite you to join us. Join Lilly's Security Architecture and Engineering team as a Security Automation Engineer who builds the tools and automations that power our security work, and who can roll up their sleeves with development teams when they need a hand. Lilly's Security Architecture and Engineering team is looking for a Security Automation Engineer who is, first and foremost, a builder. Most of your time will go to designing and writing the automations and internal tooling that make our own security workflows faster and less manual, whether that means orchestrating tools, wiring up integrations, or replacing repetitive work with reliable software. You'll also partner directly with development teams when it counts, reading their code, untangling vulnerabilities, and making security make sense in their language. You're comfortable reaching for modern tools, including AI coding assistants, to figure things out and ship quickly, but you don't need to be an AI specialist. If you're a strong, self-directed engineer who likes owning problems end to end, we encourage you to apply and help us protect the medicines and the patients who depend on Lilly. What You'll Be Doing As a Security Automation Engineer, you will spend most of your time as a builder, designing and writing automations and internal tooling that streamline our security team's own workflows, from triage and reporting to evidence gathering, scan orchestration, and the repetitive work that slows us down. You'll also serve as a hands-on partner to software engineering teams across Lilly, helping them remediate vulnerabilities and turning findings, standards, and threat models into clear, practical guidance. You are the kind of engineer who can take an ambiguous problem, figure it out, and ship a working solution with whatever modern tooling gets you there fastest, including AI coding assistants. How You'll Succeed • Design, write, and maintain automated workflows and internal tooling to streamline the security team's workflows: triage, reporting, evidence gathering, scan orchestration, and repetitive review tasks. • Build integrations across the security stack (scanners, ticketing, source control, cloud, and asset systems) so information flows automatically rather than by hand. • Hunt down manual, repetitive work across the team and replace it with reliable, well-documented automation workflows. • Stand up and improve the pipelines and services the team relies on day to day, with an eye toward reliability and maintainability. • Prototype quickly using modern tooling, including AI coding assistants, then harden what works into durable tools. • Operate as a self-directed "figure it out" engineer, taking ambiguous problems end-to-end with minimal direction. • Partner with development teams when it counts, pairing in their codebases to remediate vulnerabilities and explaining the reasoning behind each fix. • Translate security findings, standards, and threat models into clear, actionable guidance tailored to each team's context. • Share the tools and patterns you build so teams can adopt secure-by-default practices on their own. What You Should Bring • Strong general-purpose programming skills and a bias toward automating repetitive work rather than doing it by hand. • Experience building integrations, services, scripts, or internal tools that connect systems and remove manual steps. • Experience automating or orchestrating security or DevOps tooling such as scanners, pipelines, ticketing, or cloud APIs. • Ability to take ambiguous problems and deliver working solutions with minimal direction. • Comfort using AI coding assistants such as Claude Code to prototype and ship (no AI or machine-learning engineering background required). • Comfort partnering with and coaching developers, explaining security clearly, and meeting teams where they are. • Familiarity with application security fundamentals such as the OWASP Top 10, CWE, secure coding practices, and threat modeling. • Experience helping teams interpret and remediate findings from SAST, DAST, SCA, or secret-scanning tools. • Working knowledge of modern CI/CD pipelines and cloud environments. • Relevant certifications (e.g., CSSLP, GIAC GWEB/GSSP, OSCP, or similar) are preferred, but not required. Basic Requirements • Minimum of a High School Diploma/GED • At least 1 year of prof