Role Description This role focuses on analyzing and reviewing content for security vulnerabilities, with an emphasis on pattern recognition and classification within an AI-driven environment. You will apply your expertise in systems programming and cybersecurity to help improve how advanced AI models detect, classify, and reason about potential threats. - Analyze and review technical content to identify potential security vulnerabilities - Classify issues using established frameworks and best practices - Design, solve, and evaluate real-world security-focused problems - Apply pattern recognition to improve AI model understanding of threat scenarios - Collaborate asynchronously with domain experts to ensure high-quality outputs Qualifications - 2+ years of programming experience, preferably in low-level languages such as C, C++, or Java - Familiarity with vulnerability classification frameworks (e.g., OWASP, CVEs, or similar) - Strong understanding of cybersecurity fundamentals, including web security and common attack vectors - Excellent attention to detail and analytical thinking - Clear written and verbal communication skills in English Requirements - Must be based in the United States, Canada, United Kingdom, Australia, or New Zealand - Ability to pass an enhanced background check Benefits - Initial work trial beginning mid-April, with potential extension into a ~2-month project - Fully remote, asynchronous work environment with flexible scheduling - Opportunity to collaborate with highly skilled experts across cybersecurity and AI domains Interview Process - Short interview and questionnaire to assess technical expertise - Paid onboarding (up to 1 hour), including screening and introductory materials for selected candidates Compensation & Payments - Competitive compensation based on expertise and contribution - Weekly payments via supported global payment platforms Additional Information - Independent contractor engagement - Work must not involve sharing confidential or proprietary information from any current or past employer or client - Project duration may vary based on performance and business needs - This opportunity does not currently support certain work authorization categories Equal Opportunity Statement All qualified applicants will be considered without regard to legally protected characteristics. Reasonable accommodations are available upon request.

Title: Sr. Principal Security Engineer, Application Security & Automation Location: Remote United States Full time Job Description: At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world. As an Application Security Engineer your role is focused on advancing Lilly's Secure SDLC program through engineering, automation, and applied AI. This is a critical, builder role on the Security Architecture & Engineering (SAE) team that will own and evolve core AppSec platforms- SAST, DAST, SCA, secret scanning, secrets management, and software supply chain controls- while building the automation and AI tooling that can scale across thousands of repositories and hundreds of applications. We're targeting candidates at R4-6. Job description is below. What You'll Be Doing: As an Application Security Engineer, you will operate at the intersection of software engineering and security engineering- leading platforms, writing code, building integrations, and designing automation. You will take part in Lilly's Secure SDLC program end-to-end, including SAST, DAST, SCA, and secret scanning tooling; secrets management; and our emerging software supply chain capabilities. You will use technology and apply LLM-based approaches to secure application and architecture design, vulnerability triage and remediation, and the delivery of secure‑by‑default patterns across Lilly's development ecosystem. How You'll Succeed: - Engineering-first mentality: You bring real software development experience and treat security problems as engineering problems, automating what can be automated, integrating deeply with developer workflows, and writing production-quality code. - AI fluency: You are genuinely excited about LLMs and agentic tooling and have built things with them. You understand MCP, agent harnesses, and how to wire LLMs into real workflows - and you can tell where AI meaningfully accelerates security work versus where it shouldn't be trusted. - Platform management: Success requires running AppSec tooling as platforms with clear SLAs, telemetry, and continuous improvement rather than one-off scans and tickets. - Secure coding credibility: You have written code in multiple languages and ecosystems and can speak the developer's language. When you flag a finding or propose a control, engineers trust that you understand the tradeoffs. - Developer partnership: You build leverage through partnership-meeting development teams where they are, shipping secure-by-default patterns, and making the secure path the path of the least resistance. - Build system security: You understand that CI/CD is itself a high-value target. You have opinions on GitHub Actions OIDC, pinning actions to commit SHAs, least-privilege runners, and protecting secrets and artifacts as they move through the pipeline. Key Responsibilities: - Evolve one or more AppSec platforms within the Secure SDLC program. - Design and build automation within Security Architecture and Engineering. - Apply LLMs, agentic frameworks, MCP servers, and tool-calling patterns. - Partner with development teams on secure coding practices, threat modeling, and remediation of findings from SAST, DAST, SCA, and secret scanning tools. - Contribute to Lilly's Secure SDLC standards and vulnerability management policy, translating policy into enforceable pipeline and platform controls. - Support the secrets management rollout and migration of applications off legacy secret stores, including code-level guidance for SDK-based and injected consumption patterns. - Produce developer-facing content, reference architectures, secure patterns, short-form instructional content and reusable code samples. - Harden Lilly's CI/CD environment against software supply chain attacks- pinned actions, OIDC-based cloud auth, runner isolation, workflow permissions, and protection of build-time secrets and artifacts. - Partner with the Cloud Security team on Infrastructure-as-Code (IaC) security - extending secure-by-default patterns and developer guardrails from application code into the infrastructure that runs it. Your Basic Qualifications: - Bachelor's Degree in Computer Science, Information Security, Software Engineering, or related fields. - At least 2 years of dedicated application security experience - At least 2 years of software development experience with individual contributions to production systems, - At least a total of 5 years of combined experience across both rigors. - Demonstrated production coding experience in at least one of: Python, TypeScript/JavaScript, Java, Go, or C# - not solely in an advisory, review, or scripting capacity. - Experience building or integrating security automation within a GitHub environment, including GitHub Actions. - Familiarity with threat modeling in a professional setting - Hands-on experience with large language models (LLMs) in a professional or project context, such as prompt engineering, API integration, or workflow automation. What You Should Bring: - Hands-on software development experience in at least one modern language (Python, TypeScript/JavaScript, Java, Go, or C#) with a track record of shipping working code- not just reviewing others'. - Strong expertise in application security fundamentals-OWASP Top 10, CWE, secure coding practices, threat modeling, and vulnerability assessment. - Experience operating or deeply integrating with SAST, DAST, SCA, and secret scanning tools. - Genuine enthusiasm for and hands-on experience with LLMs, prompt engineering, agentic workflows, or LLM-powered tooling-bonus points for things you have actually built and shipped. - Familiarity with secrets management platforms and patterns and with software supply chain / artifact management. - Working knowledge of cloud environments (AWS preferred; Azure or GCP welcome) and containerized workloads (ECS, EKS, Docker). - Familiarity with IaC scanning and the IaC ecosystem (Terraform, CloudFormation, Kubernetes manifests) - Strong communication skills; ability to translate security requirements into actionable engineering guidance and to represent AppSec in conversations with engineering partners. - Commitment to staying ahead of with emerging AppSec threats, tooling, and AI/LLM capabilities. Location & Work Flexibility This role is based at our Corporate Center in Indianapolis, IN. We offer a flexible hybrid work model, with three days onsite and two days working remotely each week, supporting both collaboration and work‑life balance. We are also open to considering fully remote candidates based on role requirements and business needs. Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status. Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women's Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups. Actual compensation will depend on a candidate's education, experience, skills, and geographic location. The anticipated wage for this position is $126,000 - $224,400 Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly's compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees. #WeAreLilly

Role Description We are seeking highly qualified scientists to contribute to a research initiative focused on building a strong scientific knowledge layer for advanced analytical systems. In this role, you will apply your expertise in biological sciences to: - Provide expert insight into biological feasibility, pathogen behavior, and experimental design - Review and interpret scientific literature across relevant biological and biosecurity-related domains - Evaluate laboratory methodologies and protocols for accuracy and relevance - Contribute structured, high-quality feedback to support research and model development - Apply scientific rigor to ensure outputs align with established biological principles Qualifications - PhD in Biology, Microbiology, Virology, Immunology, or a closely related field - Strong foundation in molecular and cellular biology concepts - Ability to critically analyze and synthesize complex scientific information Requirements - Hands-on experience with molecular biology techniques such as cloning, PCR, and cell culture - Demonstrated publication record in relevant scientific domains - Experience interpreting primary research literature, particularly in biosecurity-adjacent areas - Strong written communication skills with high attention to detail Benefits - Independent contractor role - Fully remote with flexible, self-managed schedule - Competitive compensation based on expertise and experience - Weekly payments via supported global payment platforms Additional Information - Work must not involve sharing confidential or proprietary information from any current or previous employer or institution - Projects may be extended, shortened, or concluded based on performance and business needs - This opportunity does not currently support certain work authorization categories Equal Opportunity Statement All qualified applicants will be considered without regard to legally protected characteristics. Reasonable accommodations are available upon request.

• Own pipeline creation strategy and execution for the cybersecurity services segment, from targeting through handoff to sales • Build and optimize multi-channel campaigns (digital, events, email, partner, and outbound support) to create marketing-sourced and influenced pipeline • Measure, forecast, and improve funnel conversion and deal velocity, tying activities directly to segment revenue goals • Define and continuously refine ICP, personas, and segment positioning across the vertical(s) the company serves • Lead competitive intelligence and market messaging frameworks, translating technical capabilities into outcome-oriented narratives aligned to compliance and risk-reduction drivers • Partner closely with product marketing, delivery, and sales leadership to align GTM priorities, support new offering launches, and bring segment-level market intelligence into positioning decisions • Create persona- and stage-specific enablement bundles (decks, one-pagers, talk tracks, short videos, email sequences) that support both technical and non-technical sellers • Develop battlecards, competitive matrices, and objection-handling frameworks for key competitors and alternatives (status quo, in-house, etc.) • Support cross-sell motions across the full portfolio by designing campaigns and enablement that help legacy reps and acquired sellers confidently introduce cybersecurity services into existing accounts • Use buyer insights, campaign performance data, and regular feedback loops with sales leadership to continuously improve enablement effectiveness and shorten time-to-close