Mitchell International, Inc. is a leading provider of information and workflow solutions to the Property & Casualty Claims Industry and its supply chain partners. We solve interesting and complex problems that directly affect the customers our clients serve. We are constantly adapting to stay at the forefront of emerging technologies and we work diligently to maintain our position as a thought leader within our industry.
Mitchell is looking for a Senior Application Security Analyst to manage the Vulnerability Management Program within the Information Security & Risk Management Department. This role is an integral part of a rapidly growing technology firm. The primary function of this role is to manage the application vulnerability management program. This role will also contribute to Mitchell’s Secure Software Development Program. As a member of Information Security & Risk Management, this individual will also contribute to the Governance Risk Compliance Program as part of the organization’s overarching security and regulatory requirements (e.g. HIPAA, SOC1, SOC2, ISO27001, SOX, GLBA, GDPR, PIPEDA, NY Cybersecurity Law) and industry-accepted practices in the security space.
The candidate will perform security assessments over a variety of areas, work with Product Delivery to validate vulnerabilities, define recommendations, prepare and present reports of assessment findings, and follow up on remediation of ongoing vulnerabilities with Product Delivery and relevant stakeholders. This role will develop, define, maintain, and communicate application security standards, and conduct application security audits. Furthermore, this candidate will be responsible for supervising and developing staff.
In addition to the compliance and assessment requirements of the Senior Application Security Analyst’s role, the candidate will have the opportunity to contribute to and lead other areas within the Information Security & Risk Management arena. This includes projects related to such topics as Security Governance, IT Security Risk Assessment, and Compliance Audits, as well as various security initiatives.
Primary responsibilities include:
Provide security communication, awareness and training for audiences, which may range from front line staff to senior management.
Education: Bachelor’s Degree, preferably in Accounting Information Systems, Business Information Systems, Computer Science, Information Systems Engineering, or related field.
Experience: 3+ years of relevant experience or Master’s Degree.
Technical Skills & Experience: AppScan, Veracode, WebInspect, AppSpider, Burp Suite, Nexpose, Acunetix, WhiteHat, Nessus, Qualys, Metasploit, Snort, TCPDump, NMap, Wireshark, TCP/IP networking and routing protocols. Understanding of or experience with CIS, STIG, FISMA, SOC1 and SOC2 is a plus.
Licenses or Certifications: CISA, CISSP, CSSLP, SANS GWEB, Network+.