Markel
Markel 2026 Global Security Services Internship - Application Security
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Markel
Markel Group Inc. is a diversified global financial holding company based in Richmond, Virginia. Founded in 1930, it initially provided insurance for the trucking and jitney bus industries. Over the years, Markel has evolved into a Fortune 500 company, offering a wide range of services including insurance, reinsurance, investments, and non-insurance ventures. The company operates in multiple sectors and has expanded internationally, with a presence in 18 countries and around 14,000 employees. Markel's core operations are divided into insurance and reinsurance, with a significant focus on specialty insurance through its divisions, including Markel Assurance and Markel Specialty. The company also engages in non-insurance investments through Markel Ventures, targeting scalable businesses in various industries such as manufacturing, consumer services, and healthcare. Markel aims to leverage its underwriting profits for strategic investments, fostering long-term growth and stability.
Security at Markel
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Markel's Application Security (AppSec) philosophy emphasizes partnering closely with their AppSec team. They value collaboration with developers, DevOps, and security teams. Their risk philosophy acknowledges that "The cyber risk landscape is increasingly complex."Stated goals include assisting with vulnerability triage and coordination with development teams, evaluating and documenting findings from automated security tools (SAST/DAST/API scanning), and participating in threat modeling sessions and security reviews. However, explicit written AppSec mission statements beyond job-role descriptions and explicit internal philosophy documents (e.g., "developer-first"phrasing) are not publicly available.”
Security Team
The organizational structure and reporting line for Markel's AppSec team are not publicly available. Key public-facing leaders include Patricia (Patti) Titus, Chief Privacy and Information Security Officer, and Dan Fox, Head of Cyber for Markel International, who manages a 12-person team of underwriters and underwriting assistants (this describes the Cyber underwriting team, not AppSec headcount). An explicit public count for Markel's AppSec headcount or team size is not available. A LinkedIn search query for "site:linkedin.com Markel "Application Security" OR "AppSec" OR "Security Engineer""did not yield public LinkedIn summaries for AppSec team members on Markel-owned pages. As of, there is 1 active AppSec job posting (Application Security Intern). Common skill/tool patterns from job postings include SAST/DAST/API scanning, interest in cybersecurity frameworks (OWASP Top 10, NIST, etc.), and bonus points for GitHub, Burp Suite, and Postman. An explicit list of AppSec team tools beyond general categories is not publicly available.
Key Initiatives
No public materials were found describing a Security Champions program at Markel. Evidence for "Shift Left"practices includes participation in threat modeling sessions and security reviews, and support for secure code review workflows under guidance, as indicated in an internship posting. For vulnerability management, intake involves assisting with vulnerability triage and coordination with development teams. However, verbatim public SLAs, MTTRs, or ticketing ownership statements for AppSec remediation processes are not publicly available. Secure SDLC artifacts include participation in threat modeling sessions and security reviews, and support for secure code review workflows. Recent initiatives (last 6 months) show Markel's emphasis on proactive cyber risk management through customer-facing cyber services, such as launching pre-loss services for UK cyber clients and partnering with Black Kite. Internal AppSec program roadmaps, recent tool rollouts specific to AppSec, or detailed workflows (e.g., CI/CD plugin usage, IDE integrations) are not publicly available.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.