Mitchell International, Inc. is a leading provider of information and workflow solutions to the Property & Casualty Claims Industry and their supply chain partners. We solve interesting and complex problems that directly affect the customers our clients serve. We are constantly adapting to stay on the forefront of emerging technologies and we work diligently to maintain our position as a thought leader within our industry.

Mitchell is looking for a Senior Application Security Analyst to manage the Vulnerability Management Program, within the Information Security & Risk Management Department. This role is an integral part of a rapidly growing technology firm. The primary function of this role is to manage the application vulnerability management program.  This role will also contribute to Mitchell’s Secure Software Development Program.  As a member of Information Security & Risk Management, this individual will also contribute to the Governance Risk Compliance Program as part of the organization’s overarching security and regulatory requirements (i.e. HIPAA, SOC1, SOC2, ISO27001, SOX, GLBA, GDPR, PIPEDA, NY Cybersecurity Law, etc.) and industry accepted practices in the security space.

The candidate will perform security assessments over a variety of areas, work with product delivery to validate vulnerabilities, define recommendations, prepare and present reports of assessment findings, and follow up on remediation of ongoing vulnerabilities with Product Delivery and relevant stakeholders. This role will develop, define, maintain, and communicate application security standards, and conduct application security audits.  Furthermore, this candidate will be responsible for supervising and developing staff.

In addition to the compliance and assessment requirements of the Senior Application Security Analyst’s role, the candidate will have the opportunity to contribute and lead other areas within the Information Security & Risk Management arena. This includes projects related to such topics as: Security Governance, IT Security Risk Assessment, Compliance Audits, as well as various security initiatives.

Primary responsibilities include:

• This role will schedule, monitor, and maintain application vulnerability security tools
• Provide support and resolution for scanning and vulnerability remediation matters
• Advise and coordinate across multiple groups, providing reasonable approaches to mitigate risks
• Develop, define, maintain, and communicate secure software development policies, procedures, standards, and guidelines
• Actively contribute and manage a wide array of security projects. It will require out-of-the-box thinking, as the Information Security & Risk Management office is heavily consulted on a wide range of items
• Monitors and reports on compliance with security policies, as well as the enforcement of policies within the IT department and throughout the organization, as well as with industry regulations, including HIPAA, GLBA, GDPR, ISO27001, and PIPEDA, and NY Cybersecurity Law
• Proposes changes to existing policies and procedures to ensure operating efficiency and regulatory compliance

Provide security communication, awareness and training for audiences, which may range from front line staff to senior management.

Education: Bachelor’s Degree, preferably in Accounting Information Systems, Business Information Systems, Computer Science, Information Systems Engineering, or related field.

Experience: 3+ years of relevant experience or Master’s Degree.

• Good oral and presentation skills; excellent interpersonal skills
• Proficient grammar, sentence structure and advanced report writing and technical writing skills
• At least 3 years experience preferred in application security vulnerability management
• At least 3 years experience preferred with tools and processes used in application vulnerability testing
• At least 3 years experience preferred in security threats, solutions, security tools and network technologies along with keen ability to diagnose and troubleshoot technical issues
• Knowledge and experience with .Net, Java, C# (one of these three).
• HTML5, JavaScript, Python, Visual Studio, Eclipse, TFS, Jera, BASH Shell, PowerShell, and Regular Expressions (are a plus)
• Strong proficiency in Microsoft Word, Excel, and PowerPoint.

Desired:

• Knowledge and experience with extreme programming, code coverage, Lean Agile, DevOps, and CICD
• Security – understanding or experience in cryptography, key management, ciphers, and account access
• Understanding of system architecture, application architecture, and software architecture patterns such as microservices, and event-driven architecture patterns.

Technical Skills & Experience:  AppScan, Veracode, WebInspect, AppSpider, Burp Suite, Nexpose, Acunetix, WhiteHat, Nessus, Qualys, Metasploit, Snort, TCPDump, NMap, Wireshark, TCP/IP networking and routing protocols. Understand CIS, STIG, FISMA, SOC1 and SOC2 experience is a plus.

Licenses or Certifications:  CISA, CISSP, CSSLP, SANS GWEB, Network+.

Mitchell International, an equal opportunity employer, values the diversity of our workforce and the knowledge of our people.  Mitchell will not discriminate against an applicant or employee on the basis of race, color, religion, national origin, ancestry, sex/gender, age, physical or mental disability, military or veteran status, genetic information, sexual orientation, gender identity, gender expression, marital status, or any other characteristic protected by applicable federal, state or local law.