Co-op, InfoSec

Strand Therapeutics Inc•Boston, MA

47d•$30 - $33

About The Position

Strand is looking for people who have the enthusiasm and motivation to be a highly contributing member of a small but extremely productive team. This opportunity will offer the employee the ability to work in a matrix-based environment and be a part of the future strategy of the company. We are looking for a highly motivated and innovative candidate for the role of Co-op of Information Security (InfoSec). This is a fantastic opportunity to make a significant impact as a scientifically motivated self-starter capable of independently conceiving, conducting, and critically analyzing their own work with minimal supervision.

Requirements

On track to graduate with a B.S. or M.S. in Information Technology, Cybersecurity, Data Science or related field. Experience in the biotechnology space is a plus.
Basic knowledge of log monitoring, including sign-in logs, admin changes, and simple alerts.
Understanding of endpoint protection features such as full-disk encryption, screen lock and automatic updates.
Familiarity with core security practices - secure passwords, multi-factor authentication (MFA), and recognizing phishing attempts.
Awareness of sensitive data types, including PII, PHI, financial data, and trade secrets.
Some familiarity with NIST and ISO 27001 security frameworks.
Basic understanding of cloud security concepts, such as SaaS/PaaS protections, shared responsibility models, least-privilege access, encryption, and access reviews.
Experience or interest in PowerShell scripting for basic task automation.
Enthusiasm for learning more about Microsoft Entra and Microsoft Intune.
Curiosity about how data labels and rules safeguard information, email, and file sharing.
Ability to follow standard operating procedures, make careful observations, maintain clear and complete records of project work.

Responsibilities

Maintain an up-to-date device inventory, ensuring each device is correctly assigned in Microsoft Entra.
Review and clearly describe basic security alerts and findings in simple language.
Test security changes safely in controlled environments and document outcomes.
Develop and store security awareness tips (e.g., safe emailing, secure file sharing).
Keep organized audit records noting actions, dates, and reasons.
Ensure endpoint protections like encryption, screen locks, and automatic updates are active on all devices.
Verify antivirus and endpoint protection tools are enabled and updated.
Monitor systems for potential breaches, follow protocols, and report findings and incidents.
Respond to vulnerability scans by identifying issues, updating reports, and tracking resolutions.
Learn and assist with Data Loss Prevention (DLP) processes-testing, documenting incidents, and supporting rule adjustments.