Vulnerability Management Intern

Job Description Summary

For over forty years, HarbourVest has been home to a committed team of professionals with an entrepreneurial spirit and a desire to deliver impactful solutions to our clients and investing partners. As our global firm grows, we continue to add individuals who seek a collaborative, open-door culture that values diversity and innovative thinking.

In our collegial environment that's marked by low turnover and high energy, you'll be inspired to grow and thrive. Here, you will be encouraged to build on your strengths and acquire new skills and experiences.
 

We are committed to fostering an environment of inclusion that promotes mutual respect among all employees. Understanding and valuing these differences optimizes the potential of both the individual and the firm.
 

HarbourVest is an equal opportunity employer.
 

This position will be a hybrid work arrangement. You will receive 18 remote workdays per quarter to use at your discretion, subject to manager approval. For example, you may choose to work in the office 4 days per week and take one remote day weekly (typically 13 weeks per quarter), leaving 5 additional remote days to be used as needed.
 

This intern will work in a multi-functional capacity, supporting infrastructure, application, and business teams in identifying, assessing, and remediating vulnerabilities across the enterprise. The intern will gain hands-on experience in the vulnerability lifecycle, including scanning, prioritization, and remediation tracking. They will also support incident response efforts, assisting with identifying, isolating, eliminating, and restoring activities under the mentorship of senior team members.
 

THE IDEAL CANDIDATE IS SOMEONE WHO IS:

• Passionate about cybersecurity, determined, and collaborative

• Comfortable working with data and eager to learn how to report on metrics

• Adaptable and able to work optimally across global time zones

• Committed to ethical practices and maintaining the highest standards of honesty and visibility

• A self-starter proficient in functioning independently, thinking critically, and prioritizing tasks effectively

• Proactive in identifying and flagging potential issues before they advance

• A good communicator, both written and verbally

• Familiar with or interested in learning common cybersecurity frameworks (ISO27001, NIST CSF & 800-53, etc.)
   

WHAT YOU WILL DO:

• Support vulnerability scanning activities across infrastructure, applications, containers, and cloud environments.

• Assist with risk assessments and help prioritize vulnerabilities based on CVSS scores, threat intelligence, and business context.

• Help maintain and configure vulnerability management platforms under the mentorship of senior engineers.

• Assist in the response to high-profile vulnerabilities (e.g., zero-days, critical CVEs), contributing to impact analysis and remediation coordination.

• Help track enterprise-wide SLA compliance for vulnerability remediation across asset classes.

• Assist in analyzing SLA trends and identifying non-compliance patterns.

• Support the maintenance of dashboards and reporting mechanisms to deliver actionable insights for security teams.

• Assist with incident response activities, including detection, containment, eradication, and recovery efforts.

• Contribute to the improvement of incident response playbooks and documentation.

• Stay informed on industry trends, tools, and guidelines in vulnerability management and incident response.
   

WHAT YOU BRING:

• Currently pursuing a Bachelor's degree in Computer Science, Information Security, Engineering, or a related field.

• Foundational understanding of cybersecurity concepts, vulnerability management, or incident response.

• Basic familiarity with cloud platforms (AWS, Azure) and/or container environments is a plus.

• Exposure to compliance frameworks and standards is beneficial but not required.

• Strong problem-solving skills, flexibility, and the ability to take initiative.

• Superb communication skills and the ability to work cross-functionally with Engineering, Product, and DevOps teams.

• Eagerness to learn vulnerability scanning technologies, CVSS scoring, and threat modeling.

• Any relevant certifications (e.g., CompTIA Security+, CEH, or similar) are a plus but not required.
   

EDUCATION PREFERRED

• Currently enrolled in a BS program in Computer Science, Information Security, or equivalent.
   

EXPERIENCE

• Prior internship, coursework, or lab experience in cybersecurity is a plus.

• Hands-on experience with security tools or CTF competitions is a bonus.