Senior Application Security Engineer (Czechia)
Location: Czechia
Posted: 60 days ago
Salary: 0
Seniority: Senior
Job Description
Infiterra S.A
About Infiterra
Join our mission to grow and transform the subscription economy by simplifying subscription service delivery. Infiterra enables IT distributors, Managed Service Providers (MSPs), and telcos to succeed in the subscription economy. Our subscription commerce platform automates and unifies subscription workflows - from quote to bill - driving operational efficiency, billing accuracy, and scalable growth. Recognized as a global leader in subscription commerce, Infiterra combines innovation, performance excellence, and trusted expertise to help partners transform and grow.

About the role
We’re looking for a Senior Application Security Engineer to embed security into how we design, build, and operate software; not as an afterthought, but as part of everyday engineering. You’ll work hands-on with product and engineering teams to identify risks early, improve secure-by-design practices, and continuously raise the bar of our application security posture. This is a practical AppSec role: close to the code, close to the architecture, and deeply integrated into the SDLC.

Infiterra’s headquarters are located in Thessaloniki, Greece, and the Engineering team is distributed across various locations throughout the country. However, this role is fully remote.

What you’ll do

Embed security into the SDLC
- Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance.
- Partner closely with engineering teams to ensure secure development practices are applied consistently.
- Review security controls for new features, services, and architectural changes.

Threat modeling & secure design
- Run threat modeling sessions (e.g. STRIDE) for new and existing systems.
- Identify threats, attack paths, misconfigurations, and insecure design patterns.
- Collaborate with engineers to ensure systems follow secure-by-design principles.

Secure code & architecture reviews
- Perform security-focused code reviews to identify vulnerabilities and risky implementations.
- Provide clear, actionable guidance on secure coding patterns and best practices.
- Assess application and system architectures from a security perspective.

Security testing & tooling
- Perform manual and automated web application security testing (e.g. injection flaws, auth issues, access control gaps, insecure configs, logic flaws).
- Operate, tune, and improve AppSec tooling (SAST, DAST, SCA, secrets scanning, dependency scanning).
- Integrate and automate security checks within CI/CD pipelines.
- Identify gaps in tooling and recommend or introduce improvements.

Incident response support
- Support engineering teams during application security incidents or vulnerability disclosures.
- Contribute to triage, impact assessment, and root cause analysis.
- Ensure lessons learned are fed back into design, tooling, and processes.

Security awareness & enablement
- Enable engineers through training, documentation, and hands-on guidance.
- Create and maintain secure coding guidelines, checklists, and internal resources.
- Act as a trusted security partner, not a blocker.

Core requirements
- Strong understanding of secure software development principles.
- Solid knowledge of common vulnerability classes (OWASP Top 10, CWE).
- Experience working within modern SDLCs and agile development workflows.
- Hands-on experience with application security tools (SAST, DAST, SCA, etc.).
- Experience integrating security tooling into CI/CD pipelines.
- Experience with web application security testing.
- Ability to assess risk pragmatically and prioritize remediation.
- Understanding of cloud-native architectures, APIs, and microservices.
- Background working closely with product and engineering teams.

Nice to have
- Exposure to security metrics, maturity models, or AppSec program building.

Benefits
- Fully remote work.
- Work-from-anywhere scheme (travel and work).
- Flexible working hours.
- Health and life insurance program.
- Learning & development budget.
- Tech-driven, friendly team with an international mindset.

If you feel you’re a great fit, please apply! We’d love to hear from you! All applications will be treated with confidentiality. Please note that due to the high volume of CVs received, only candidates who are a good fit will be contacted for an interview.

As part of our commitment to diversity in the workforce, Infiterra is dedicated to Equal Employment Opportunity, ensuring that all individuals are treated with respect and consideration without regard to race, color, national origin, ethnicity, gender, disability, sexual orientation, gender identity, or religion.
More Security Engineer Jobs
Security Architect
Lilly
Lilly is a global biotechnology and pharmaceuticals healthcare company. Founded by Colonel Eli Lilly in 1876, the company is based in Indianapolis, Indiana, and maintains a strong
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

What You'll Be Doing
As a Security Architect, you will serve as a technical lead for security consulting engagements, threat modeling initiatives, and third-party security assessments. You will develop threat models, security architectures, and reference patterns — including for cloud and hybrid environments — while providing guidance on secure design principles. This role involves close collaboration across teams to integrate security into the development lifecycle and evaluate vendor security posture. You will also leverage AI-powered tools to enhance the efficiency and depth of security assessments.

How You'll Succeed
- Technical expertise: Deep domain knowledge across security engineering, threat modeling, cloud architectures, application security, and third-party risk management. Ability to use AI tooling to accelerate and improve security work.
- Strategic thinking: Ability to develop reference architectures and integrate complex systems across on-premises and cloud environments, balancing security risk with business enablement.
- Consultative approach: Provide expert security guidance to teams, stakeholders, and external vendors throughout assessment engagements, including evaluating and advising on the secure use of AI platforms.
- Leadership: Lead technical initiatives and architecture reviews while mentoring junior security professionals.
- Innovation: Actively promote cloud-native security patterns and the responsible adoption of AI technologies across teams.
- Communication: Translate complex security concepts and technical risk findings into clear, business-friendly language for executive stakeholders and audiences with different technical backgrounds.

Key Responsibilities
- Develop and conduct threat modeling exercises across application, infrastructure, and cloud environments using established frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001)
- Create and maintain security architectures and design patterns, including cloud and hybrid reference architectures
- Conduct security architecture reviews for internal initiatives, new technologies, and third-party vendors.
- Perform third-party security assessments, including vendor questionnaire reviews, SOC 2 evaluations, and risk acceptance documentation
- Leverage AI tools and technologies to streamline assessment workflows, analyze vendor documentation, identify risk patterns, and improve assessment quality and consistency
- Provide security consulting services across the organization, enabling business objectives while clearly communicating risk
- Develop and document security best practices, standards, and guidance — including responsible AI tool usage in security workflows
- Lead security briefings and workshops; mentor junior security engineers and drive adoption of security standards

Your Basic Qualifications
- High School Diploma/GED
- Expertise in threat modeling and security architecture across cloud (AWS, Azure, GCP), SaaS, and hybrid environments
- Experience in security consulting, risk assessment, and third‑party cyber risk management, including SOC 2 and HIPAA evaluations
- 7+ years of experience in cybersecurity or a related field
- Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization or visas for this role now or in the future, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1.

What You Should Bring
- Bachelor's degree in Computer Science, Information Security, or related field preferred
- Experience with or willingness to adopt AI tools for document analysis, risk summarization, and pattern identification; understanding of AI/ML security considerations
- Knowledge of Zero Trust principles and major security frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001)
- Excellence in technical documentation and executive-level risk communication
- Experience mentoring, collaborating across teams, and engaging stakeholders at varying levels of technical expertise
- Project management and strategic planning skills
- Commitment to continuous learning and professional development, including staying current on developments relevant to cybersecurity

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is $141,000 - $225,000. Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities). Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly
Senior IT Application Engineer
Meijer
As a family company, we serve people and communities. When you work at Meijer, you’re provided with career and community opportunities centered around leadership, personal growth and development. Consider joining our family – take care of your career and your community!

Grab the Good Stuff:
- Weekly pay
- Team member discount
- 401(k) with company contributions
- Paid parental leave
- Paid education assistance
- Development programs for advancement and career growth
- Medical/dental/vision
- And more!

Please review the job profile below and apply today!

The Senior IT Application Security Engineer is recognized as a subject matter expert in secure application design, threat modeling, and secure coding practices. You will assist software development teams in designing, creating, and implementing secure solutions by ensuring that security checks are followed throughout each phase of the software development life cycle (SDLC). You are expected to take a proactive leadership role in driving application security initiatives and define, communicate, and enforce application security standards across the organization. You will lead opportunities to enhance security processes and mentor team members by sharing your expertise. You will also identify security knowledge gaps and present training to IT stakeholders. Additionally, you will champion efforts to advance the maturity of the application security program to help foster a culture of continuous improvement.

What You'll be Doing:
- Develop and provide presentations on application security topics to both technical and non-technical audiences.
- Advise executive leadership on current and evolving threats to enable risk-informed decisions.
- Mentor members of the information security team on matters of application security.
- Facilitate third-party penetration tests, triage findings, and create remediation plans with development teams.
- Provide tailored remediation guidance to software developers to address security findings.
- Provide architectural and security guidance for third-party platforms and services as they integrate into Meijer environments and/or code.
- Review the security of third-party/open-source software used by Meijer.
- Provide risk-based analysis of security posture to drive business decisions.
- Foster relationships with key business partners to create a culture of security and achieve prioritization of security initiatives.
- Develop internal security tooling for identifying or remediating security risks.
- Assist/lead on matters of application security in the event of an incident.
- This job profile is not meant to be all inclusive of the responsibilities of this position. May perform other duties as assigned or required.

What You Bring with You (Qualifications):
- Bachelor’s degree or above in Computer Science, Information Security, or related field.
- At least four years of professional experience, with at least two years in a security field and at least one year with direct experience writing code.
- Familiar with object-oriented programming and have written code in one or more programming languages (e.g. C#, Java, C++).
- Agile/Scrum, SAFe, or Lean certification preferred.
- Familiarity with secure coding best practices such as the OWASP Top 10.
- Knowledge of common application architectures and the relative risks associated with them (e.g. single page apps, client-server, native mobile, microservices).
- Foundational knowledge of security practices in several applied contexts, e.g. networking, cloud infrastructure, containerization, operations, audit, or governance.
- Knowledge of relevant technology, tools, databases, and development techniques.
- Strong focus on team dynamics and interpersonal relationships.
- Strong sense of task ownership with consistent follow-through.
- Ability to anticipate risks and devise solutions with limited information or context.
- Excellent project management, organization, and team collaboration skills.
- Curiosity to learn.
- Capable of defining and measuring key performance indicators.
- Able to work cross-functionally with IT and business partners across all areas of Meijer and vendor partners.
- Adaptive, flexible, and responsive to challenges.
- Awareness of how security controls influence both internal stakeholders and Meijer customers.
- SANS/GIAC, CompTIA, ISC2 (e.g. CISSP) or other applicable industry certifications preferred.

We are committed to offering competitive pay that reflects market standards and ensures consistency within our organization. The pay range for this position is listed below.

$120,750.00 - $191,000.00

This pay range represents the minimum and maximum base pay for the position, which is determined by factors such as market data, the qualifications required, the level of responsibilities associated with the role and other roles at this same level. Your specific pay rate within this range will be based on your experience, qualifications, and skills compared to the internal team you’ll be joining.

We offer a comprehensive benefits package that includes medical, dental, vision, life insurance, a 401(k) plan with employer match, disability leave, and paid time off (PTO). In addition to these core benefits, we are committed to supporting your overall well-being and career growth. Our offerings include a variety of programs designed to support your personal and professional development, such as paid parental leave, paid education assistance (including free education), a childcare subsidy and more. We are dedicated to creating a work environment that promotes work-life balance, long-term health and financial security, and continuous professional development.

The interview process is intended to learn more about your personal skills and experience. To this end, we ask that candidates do not use AI tools during the hiring process.

Please note:
- Cameras must be turned on during all virtual interviews.
- AI tools may not be used during any part of the interview process.
Cloud - Lead Security Engineer
Ministère des armées. Liberté, égalité, fraternité.
Contacts: dcsca-arcueil.gestionnaire.fct@intradef.gouv.fr stephanie.porcher@intradef.gouv.fr

Role Description
This recruitment is part of the cloud infrastructure project for defense digital services, designed, integrated and operated by our teams, which builds a controlled, secure, high-performance and resilient stack deployed across the entire national territory. Your responsibilities will be:
- Design, challenge, deploy and operate the IAM architecture (infrastructure and users);
- Implement and maintain cross-domain and multi-tenant authorization mechanisms;
- Operate secrets and certificate management at platform scale;
- Implement security hardening pragmatically at every level: hardware (secure boot, firmware, TPM), system (SELinux/AppArmor, isolation), network (microsegmentation), in collaboration with the teams;
- Integrate the LID systems: deploy probes, configure collection points;
- In partnership with the project CISO (RSSI), lead the dialogue with the information-security (SSI) chain and defend architecture choices;
- Take part in crisis management;
- Write operating procedures and technical documentation;
- Provide technical leadership to engineers on information-security (SSI) matters; contribute to recruitment and skills development.

Qualifications
- 8+ years of experience in information systems security and cloud security
- Design and deployment of IAM (Identity and Access Management) architectures at scale
- Hardening of cloud platforms across the whole stack (hardware, system, network)
- Secrets management and PKI in critical production environments
- Implementation of security solutions in multi-tenant and multi-domain contexts
- DevSecOps approach: integrating security into CI/CD pipelines

Requirements
- IAM: design of authentication and authorization architectures (OIDC, SAML, RBAC/ABAC)
- PKI and secrets management: deployment and operation (HashiCorp Vault, cert-manager, or equivalents)
- System hardening: SELinux/AppArmor, namespace isolation, secure boot, TPM
- Network security: microsegmentation, Zero Trust, Kubernetes network policies
- Intrusion detection: deployment of LID probes, configuration of collection points
- Kubernetes: cluster hardening (Pod Security Standards, Network Policies, admission controllers)
- Infrastructure as Code: Terraform, Ansible, GitOps

Benefits
- Rigorous: ability to design and maintain critical infrastructure with meticulous attention to detail, particularly regarding security and reproducibility
- Innovative: ability to propose advanced technical solutions and implement best practices
- Grounded in a culture of fact-based analysis and continuous improvement
- A good teacher: ability to pass on your expertise, provide technical guidance and defend your choices before technical or institutional counterparts

Company Description
- Valued assets:
- Experience with air-gapped environments
- Knowledge of information-security (SSI) frameworks: ANSSI, IGI 1300, SecNumCloud
- Open source contributions.

Application materials
Documents to submit: to apply for this position, you must send a CV and a cover letter.

Contacts
- dc-dirisi-sdorh-rrh-gpc-gpec.mobilite.fct@intradef.gouv.fr
- laurent.prosperi@intradef.gouv.fr
Senior Security Engineer
Lightning Labs
A new media product development consultancy founded in 2011, Lightning Labs scales blockchains and leverages cryptography and smart contracts to offer low-cost,
• Designing and deploying active fuzzing, black+white box testing and penetration testing infrastructure for open source and production systems
• Performing security audits and review of both internal production systems as well as open source software which interacts with Bitcoin+Lightning in a security critical manner
• Provide mentorship and guidance to level up your teammates
• Creating global security policy, standards, guidelines, and procedures to ensure ongoing maintenance of security
• Overseeing security aspects of software release processes and infrastructure
• Determining security team requirements for future growth
• Developing and ensuring responsiveness of security incident management processes
• Performing risk management assessments


