Eli Lilly and Company logo

Security Automation Engineer

Eli Lilly and Company
June 24, 2026
Remote friendly (Indianapolis, IN)
United States
IT
Security Automation Engineer

Responsibilities
- Design, write, and maintain automated workflows and internal tooling to streamline security team operations (triage, reporting, evidence gathering, scan orchestration, repetitive review tasks).
- Build integrations across the security stack (scanners, ticketing, source control, cloud, and asset systems) to automate information flow.
- Replace manual, repetitive work with reliable, well-documented automation.
- Stand up and improve supporting pipelines/services with reliability and maintainability.
- Prototype quickly with modern tooling (including AI coding assistants) and harden into durable tools.
- Partner with development teams to remediate vulnerabilities and explain fixes; translate findings/standards/threat models into actionable guidance; share tools/patterns for secure-by-default practices.

Qualifications / Skills
- Strong programming skills with a bias toward automating repetitive work.
- Experience building integrations/services/scripts/internal tools.
- Experience automating/orchestrating security or DevOps tooling (scanners, pipelines, ticketing, cloud APIs).
- Ability to deliver solutions for ambiguous problems with minimal direction.
- Familiarity with application security fundamentals (OWASP Top 10, CWE, secure coding, threat modeling).
- Experience with SAST/DAST/SCA/secret scanning remediation.
- Working knowledge of CI/CD and cloud environments.
- Preferred: relevant certifications (e.g., CSSLP, GIAC, OSCP).

Basic Requirements
- High School Diploma/GED; 1+ year professional software development with production contributions.
- Production coding in Python, TypeScript/JavaScript, Java, Go, or C#.
- Authorized to work in the U.S. full-time; sponsorship not provided.

Additional Information
- Preferred: Bachelor’s in CS/InfoSec/Software Engineering or related field.
- 5–10% travel.
- Indianapolis, IN hybrid (3 days onsite/2 days remote); fully remote may be considered by location and business needs.