Job ID 125855
This is a remote internship within the United States. Candidates that can start in January 2024 will be given priority. Preferred candidates will have the following characteristics:
- Enrolled in a university program in the Spring of 2024
- In their Junior or Senior year
- Declared their major as “cybersecurity” or equivalent
The primary purpose of the Internship is to provide an intern with relevant field experiences in cybersecurity. One or more mentors will be assigned to the intern to provide instruction, guidance and to assess performance. The intern is responsible for observing the functions and processes of the assigned work unit. In addition, the intern may be given selected work assignments to reinforce the learning experience, to assess the performance levels and to provide benefit to the work unit. The intern will be responsible for completing all internship-related assignments and reports for both Mayo and the participating educational facility. The duration and timing of the internship will be arranged with the intern.
Mayo Clinic will not sponsor or transfer visas for this position including F1 OPT STEM.
Additional information specific to this internship:
What we do:
The Security Testing Team (STS) within the Mayo Clinic Office of Information Security (OIS) is responsible for enterprise vulnerability management. That is, we detect and report vulnerabilities (CVEs), as well as report the number of assets affected by a particular vulnerability. We assign a risk level based on a number of factors, including if it is being exploited by a threat actor reportedly attacking healthcare or a related organization type. Our team provides the following services to Mayo Clinic:
- Continuous Monitoring and Scheduled Tests
- Static and Dynamic Application Security Testing
- Enterprise Asset Scanning (Servers, Endpoints, Containers, IoT, etc)
- Phishing Simulation
- Daily Vulnerability Assessment and Coordination of newly announced industry threats
- Point-in-Time Testing Driven by a Risk-Based Queue
- Technical Vulnerability Assessments
- Penetration Testing
- Red Team Operations
Much of our work effort goes toward improving automation of processes and “shifting security left”. We do this so code developers and asset owners can receive vulnerability information as soon as possible to begin remediation. Improving IT hygiene allows our manual testing team to focus on the vulnerabilities that are not found with automated tools.
What we do not do and what you may not receive experience in:
First and foremost, our team does not lead incident response or use tools that monitor for potential attacks. We may be called to provide support, but another team in OIS is responsible for Mayo’s security monitoring and incident response process. We also do not lead forensic investigations, develop or assess security policies or evaluate security architecture, but may provide support when requested. This is not an exhaustive list, but at a high level, if the job function does not involve vulnerability management, testing, or application security it is not going to be the focus of the internship.
Working on our team will give you a good understanding of how to implement and operate an enterprise vulnerability management program. A successful candidate will be asked to perform a fair amount of self-study and possess a proactive work-ethic. Knowing when to “try harder” and when to ask for help is key to learning and to have fun.
The incumbent must be enrolled in a bachelors, masters or graduate degree program from a college or university. Typically, this internship would occur after the student has taken most of the courses required by the degree program.
Where applicable – the degree program must require an internship as a graduation requirement (or offer as a credit option).
This position has a predetermined rate of $25.00 per hour.
Hours will be arranged with supervisor based on incumbents academic calendar.
- Rochester, MN
- Full Time
- Information Security
Location: US (Remote)