Cyber Strategy and Compliance Intern

We are currently looking for Consulting Interns for our Security, Privacy and Risk Consulting practice. The candidate will work with teams of security and privacy staff in a wide variety of systems environments.   

Our Security, Privacy and Risk Consulting team serves the Information Security and Data Privacy related needs of our clients. This team assists clients with selecting, improving, controlling, securing, managing and monitoring the appropriate systems to address their information needs.  We serve a diverse base of clients in a variety of industries, and understanding how technology impacts the operation and growth of organizations is what we do best. 

SPR Cyber Strategy and Response interns provide quality consulting services to the Firm's clients by performing the duties and responsibilities listed below in an efficient and effective manner. 

Examples of candidate's responsibilities include: 

• Assess security of client networks, hosts, and applications 

• Determine technical, business impact and likelihood of identified security issues and provide remediation guidance to clients 

• Perform analysis and testing to verify the strengths and weaknesses of mobile and web applications and web services (SOAP, WSDL, UDDI) 

• Perform Internet penetration testing using blackbox and whitebox methodologies 

• Review application code, system configurations and device configurations using manual and automated techniques 

• Measure and report clients’ compliance with established industry or government requirements 

• Identify leaked client data on open and closed (Deep and Dark Web) sources  

• Perform analytical investigations into specific threat actors, ransomware, and campaigns 

• Communicate technical findings to a non-technical audience effectively 

• Create and review threat intelligence programs for clients using established intelligence models 

• Work with RSM consulting professionals with a variety of credentials including Certified Ethical Hacker (CEH), Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified Threat Intelligence Analyst (CTIA®) 

Basic Qualifications: 

• Technical background in computer science and cybersecurity related fields 

• Strong knowledge of computer network technologies, protocols/topologies, digital forensics and endpoint protection, or threat intelligence 

• Software development, programming and/or scripting experience (Perl, Python, C, Java, PHP, ASP, etc.) 

• Ability to track threat actors across Dark Web criminal forums and marketplaces and ability to communicate findings 

• Ability to track malware campaigns and understand adversarial activity from an intelligence perspective 

• Basic understanding of intelligence, including intelligence lifecycle, Kill Chain, Diamond model, and Priority Intelligence Requirements 

• Proven track record of an analytical and curious mindset in problem solving 

• The ability to interpret and convey technical information through written and oral communications to all levels of technical aptitude, including senior management 

• High degree of integrity and confidentiality, as well as ability to adhere to company policies and best practices 

• Possess a strong internal drive and motivation for continuous improvement 

Preferred Qualifications:  

• Pursuing a B.A. or B.S. degree or equivalent certification from an accredited university, academy or technical school by the time employment commences in Computer Science, Information Technology, Information Systems Management, Information Security, intelligence, digital forensics, cybersecurity or other similar degrees. 

• Practical hands-on or lab experience with IT infrastructure components such as servers, firewalls, IDS systems and other network infrastructure components 

• Practical hands-on or lab experience with security applications, such as a AppScan, Metasploit, BurbSuite, Nessus, Social Engineering Toolkit, Kali Linux, etc., or other commercial and public domain security tools 

• Operating system configuration and security experience (HP-UX, Linux, Solaris, AIX, etc.) 

• Configuration and security experience with web servers and web applications (Apache HTTP/Tomcat, Microsoft IIS, Sun One, Oracle iPlanet, IBM WebSphere, etc.) 

• Database Configuration and Security experience (MySQL, Microsoft SQL, IBM DB2, Sybase, Oracle, etc.) 

• Familiar with security testing techniques such as network discovery, port and service identification, vulnerability scanning, network sniffing, fuzzing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing and password cracking 

• Internship or overall experience with threat intelligence vendor or familiarity with various threat intelligence tools and platforms 

• A minimum 3.0 GPA is preferred.