Principal Security Architect

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Security Architect

What You'll Be Doing:

As a Security Architect, you will develop comprehensive threat models and conduct security reviews across key technology domains while creating proactive security guidance through reference architectures. You will analyze security requirements for various projects, develop threat modeling frameworks, and contribute to cybersecurity policy development. This role involves translating security principles into practical architectural guidance while ensuring consistent security standards across the organization.

How You'll Succeed:

• Technical expertise: You will demonstrate deep knowledge of threat modeling methodologies and security architecture principles across diverse technology environments.

• Proactive guidance: Success requires the ability to develop reference architectures and design patterns that prevent security issues before they occur.

• Risk assessment: You will effectively evaluate security risks and translate findings into actionable recommendations for development teams.

• Policy contribution: Strong ability to analyze cybersecurity policies and provide informed recommendations based on technical expertise.

• Collaborative execution: You will work effectively with cross-functional teams to implement security improvements and architectural standards.

• Continuous improvement: Refine threat modeling processes and security review methodologies to enhance organizational security posture.

Key Responsibilities:

• Develop and maintain comprehensive threat models for applications and systems

• Conduct security architecture reviews for projects and initiatives

• Create reference architectures and security design patterns

• Provide proactive security guidance to development and engineering teams

• Analyze and recommend updates to cybersecurity policies and standards

• Implement threat modeling frameworks using industry methodologies

• Perform security assessments and identify architectural vulnerabilities

• Develop security requirements and controls for various technology domains

• Collaborate with teams to integrate security into design processes

• Document security best practices and architectural guidance

• Conducting threat modeling, performing security reviews, developing reference architectures, and contributing to cybersecurity policy development.

What You Should Bring:

• Strong technical expertise in security architecture and threat modeling methodologies

• Experience with security and threat modeling frameworks (MITRE ATT&CK, NIST, STRIDE, etc.)

• Proven track record of conducting security reviews and architecture assessments

• Knowledge of reference architecture development and design pattern creation

• Understanding of cybersecurity policies, standards, and regulatory requirements

• Experience translating security requirements into technical implementations

• Strong analytical and problem-solving skills for complex security challenges

• Proficiency in documenting security guidance and best practices

• Ability to work collaboratively with technical and business stakeholders

• Commitment to staying current with emerging threats and security technologies

• Technical collaboration: Working with development teams, conducting security assessments, creating architectural guidance, and contributing expertise to policy development initiatives.

Your Basic Qualifications:

• Bachelor's Degree in Computer Science, Information Security, or related field OR High School Diploma/GED with 4+ years of experience in Information Security or related field

• At least five years of experience in security architecture, threat modeling, or related discipline

• Qualified candidates must be legally authorized to be employed in the United States. The company does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) now or in the future.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly