At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 35,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world.
Organization Overview: Information Security, at Eli Lilly and Company, directs and demonstrates Lilly's commitment to responsible and effective management of information assets.
Position Overview: The Application Security Engineer is responsible for managing all aspects of the Container Security Testing Service, including vulnerability identification, analysis, remediation coordination and reporting.
Responsibilities:
- Lead and deliver the Container Security Testing service to ensure containers are assessed for vulnerabilities and remediated based on risk.
- Technical subject matter expert for the Container Security Testing tools used to perform scans.
- Build relationships with internal and external customers and partner with them to monitor and coordinate remediation of vulnerabilities across corporate and business applications.
- Partner with Information Security Architecture to define and continually improve the Application Security Program.
- Develop processes and/or improve current processes related to Application Security Testing services.
- Coordinate with the Threat Intelligence Team and SOC to drive key vulnerability initiatives.
- Triage newly identified critical vulnerabilities and zero-day vulnerabilities, assess threat and impact information, and manage escalation processes for remediation based on risk.
- Follow departmental change management process to ensure appropriate implementation of metrics and reporting capabilities.
- Continuously improve the processes and procedures to include reporting exceptions/risk acceptance for further review including escalation to the appropriate risk owners.
- Interact with stakeholders to develop and fine-tune the process of how metrics are calculated and communicated.
- Provide written and oral communications as appropriate to the information security leadership related to Application Security quantitative metrics, reporting, and analysis.
- Bachelor's or Associate's degree plus 2+ years of related Information Security experience or application development and support experience.
- Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.
- 2+ years of advanced experience with:
  - Security compliance procedures and providing automation where possible.
  - Enforcing adherence to application security policies and procedures.
  - Experience & Knowledge of OWASP Top 10, SANS 25, OSSTMM, MITRE ATT&CK Framework.
  - Systems administration, security DevOps processes, system hardening, IAM, guardrails, and service control policies within cloud computing environments.
  - Evaluation of threats and risk to business operations resulting in security solutions that appropriately balance cost and risk mitigation.
  - Data analysis and problem resolution. Must be able to integrate and correlate large amounts of data to identify complex patterns and trends.
- Certified Information System Security Professional (CISSP).
- GIAC Certifications:
  - Certified Security Essentials (GSEC)
  - Certified Enterprise Vulnerability Assessor (GEVA)
  - Certified Enterprise Defender (GCED)
  - Certified Penetration Tester (GPEN)
  - Certified Exploit Researcher & Advanced Penetration Tester (GXPN)
  - Certified Incident Handler (GCIH)
- Experience with industry standard application security testing technologies, such as GitHub Advanced Security, Acunetix, Checkmarx, Fortify WebInspect, Rapid7 InsightAppSec, Qualys WAS or Burp Suite.
- Experience in DevSecOps and conducting end-to-end security testing of applications: Web, Mobile, Thick Client, API & Web Services.
- Experience with automating processes for security testing, escalating, and reporting through scripting and working with APIs.
- Experience with security compliance procedures and providing automation where possible.
- Experience with enforcing adherence to application security policies and procedures.
- Experience & Knowledge of OWASP Top 10, SANS 25, OSSTMM, MITRE ATT&CK Framework.
- Experience in systems administration, security DevOps processes, system hardening, IAM, guardrails, and service control policies within cloud computing environments.
- Evaluation of threats and risk to business operations resulting in security solutions that appropriately balance cost and risk mitigation.
- Data analysis and problem resolution. Must be able to integrate and correlate large amounts of data to identify complex patterns and trends.
- Applying good risk-based judgment to complex problems.
- Strong written and oral communication skills.
- Experience applying good risk-based judgment to complex problems.
- Ability to think analytically and to understand and communicate quantitative information.
- Ability to apply programming language structures (e.g., source code review) and logic.
- Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of ethical hacking principles and techniques.
- Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
- Skill in the use of penetration testing tools and techniques.
- ID: #48674090
- State: Indiana Indianapolis 46201 Indianapolis USA
- City: Indianapolis
- Salary: USD TBD TBD
- Job type: Permanent
- Showed: 2023-01-19
- Deadline: 2023-03-15
- Category: Et cetera