Information Security Intern
This role is for someone who is looking to develop their information security knowledge by contributing to security team operations. Some information security, development, or information technology foundational knowledge (whether through work experience, education or self-taught) is required for this position. Your ability to successfully carry out cross-functional work will require strong communication skills, patience, and a solution-oriented attitude.
You'll start remote and will eventually join us in our brand new North Station HQ, working with an energized team that cares deeply about the success of these initiatives, and leadership that values work-life balance, an inclusive culture, and your career development.
Day In The Life:
The UX team wants to purchase a new tool, and you're helping with a security assessment of the tool they've selected. You start the day by meeting with a UX manager where you learn how the tool would be used, what data it would process, and what integrations with existing business tools would be required. This context is critical to understanding how the tool might introduce risk to Rapid7. Later today, you'll review the documentation provided by the vendor to see what security practices they have in place. You might also assist with scanning the tool for known vulnerabilities. You’ll provide your findings to a senior team member, who will use this information to determine whether the tool can be approved for use at Rapid7.
You check your ticket queue and see that you've received some security and privacy questions from a customer. You're able to answer most of them by referring to Rapid7's policies, and you send the remaining questions over to a team member in Product Security, ensuring they have enough context to address them thoroughly.
After lunch, you might spend a couple of hours working on automating a process the infosec team has been performing manually, validating pentest findings, or updating the Information Security Whitepaper Rapid7 provides to its customers... it's up to you! There is some flexibility in what you’ll work on during this internship based on your strengths and interests.
Assist senior members of the security team with information security operations. There is flexibility in where your work will be focused based on your strengths and interests, but it will include some combination of the following:
Third party risk management efforts (security assessments of potential Rapid7 partners/vendors)
Addressing questions about Rapid7's internal security program from customers, prospects, and auditors
Security awareness and culture initiatives throughout the company
Identity and access management
Compliance and privacy program maintenance
Any experience (whether work experience, formal education, or self-taught) in information security, OR development, OR information technology (experience in all three of these areas is not required!)
Strong communication abilities, ability to work with technical and non-technical stakeholders.
Nice-to-haves (NOT requirements)
Understanding of security standards and best practices
Experience using information security tools
Experience using AWS
Experience with marketing and communication campaigns that could be applied to security documentation and/or security awareness training