At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

What You'll Be Doing

As a Security Architect, you will serve as a technical lead for security consulting engagements, threat modeling initiatives, and third-party security assessments. You will develop threat models, security architectures, and reference patterns — including for cloud and hybrid environments — while providing guidance on secure design principles. This role involves close collaboration across teams to integrate security into the development lifecycle and evaluate vendor security posture. You will also leverage AI-powered tools to enhance the efficiency and depth of security assessments.

How You'll Succeed

• Technical expertise: Deep domain knowledge across security engineering, threat modeling, cloud architectures, application security, and third-party risk management. Ability to use AI tooling to accelerate and improve security work.
• Strategic thinking: Ability to develop reference architectures and integrate complex systems across on-premises and cloud environments, balancing security risk with business enablement.
• Consultative approach: Provide expert security guidance to teams, stakeholders, and external vendors throughout assessment engagements, including evaluating and advising on the secure use of AI platforms.
• Leadership: Lead technical initiatives and architecture reviews while mentoring junior security professionals.
• Innovation: Actively promote cloud-native security patterns and the responsible adoption of AI technologies across teams.
• Communication: Translate complex security concepts and technical risk findings into clear, business-friendly language for executive stakeholders and audiences with different technical backgrounds.

Key Responsibilities

• Develop and conduct threat modeling exercises across application, infrastructure, and cloud environments using established frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001)
• Create and maintain security architectures and design patterns, including cloud and hybrid reference architectures
• Conduct security architecture reviews for internal initiatives, new technologies, and third-party vendors.
• Perform third-party security assessments, including vendor questionnaire reviews, SOC 2 evaluations, and risk acceptance documentation
• Leverage AI tools and technologies to streamline assessment workflows, analyze vendor documentation, identify risk patterns, and improve assessment quality and consistency
• Provide security consulting services across the organization, enabling business objectives while clearly communicating risk
• Develop and document security best practices, standards, and guidance — including responsible AI tool usage in security workflows
• Lead security briefings and workshops; mentor junior security engineers and drive adoption of security standards

Your Basic Qualifications

• High Schol Diploma/GED
• Deep expertise in threat modeling methodologies and security architecture design across cloud (AWS, Azure, GCP), SaaS, and hybrid environments
• Strong background in security consulting, risk assessment, and third-party cyber risk management, including SOC 2 review and HIPAA compliance evaluation
• Minimum seven years of cybersecurity or related experience
• Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization or visas for this role now or in the future, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1.

What You Should Bring

• Bachelor's degree in Computer Science, Information Security, or related field preferred
• Experience with or willingness to adopt AI tools for document analysis, risk summarization, and pattern identification; understanding of AI/ML security considerations
• Knowledge of Zero Trust principles and major security frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001)
• Excellence in technical documentation and executive-level risk communication
• Experience mentoring, collaborating across teams, and engaging stakeholders at varying levels of technical expertise
• Project management and strategic planning skills
• Commitment to continuous learning and professional development, including staying current on developments relevant to cybersecurity

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

$141,000 - $246,400

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly