Intern Infrastructure Security Engineer

About The Position

Requirements

• Current student or early-career candidate pursuing cybersecurity, computer science, information systems, cloud computing, infrastructure, software engineering, or a related field.
• Interest in infrastructure security, cloud security, vulnerability management, detection engineering, security automation, or secure systems operations.
• Familiarity with basic cloud concepts, Linux, networking, identity and access management, Git, scripting, or common security topics.
• Curiosity, good judgment, and willingness to ask questions.
• Strong written communication skills and ability to document findings, evidence, and recommendations clearly.
• Ability to work with a team, follow guidance, and handle sensitive information responsibly.

Nice To Haves

• Coursework, labs, CTF participation, personal projects, or prior internship experience related to cybersecurity, infrastructure, cloud computing, or systems administration.
• Exposure to tools or concepts such as AWS, GCP, vulnerability management, CSPM, CNAPP, SIEM, runtime security, IAM, Terraform, Linux, containers, or incident response.
• Basic scripting experience in Python, Bash, PowerShell, Go, JavaScript, or a similar language.
• Experience creating documentation, dashboards, scripts, small tools, or workflow improvements.
• Interest in learning how security teams balance risk reduction, engineering partnership, operational impact, and compliance requirements.

Responsibilities

• Learn the structure, goals, and day-to-day operating model of the Commerce Infrastructure Security program.
• Support improvements to infrastructure security tooling, reporting, documentation, dashboards, and team processes.
• Assist with organizing or refining vulnerability management workflows, cloud security findings, intake processes, remediation tracking, or knowledge base materials.
• Shadow Infrastructure Security engineers during cloud security reviews, vulnerability triage, remediation discussions, incident response activities, and engineering partnership meetings.
• Participate in guided hands-on security activities such as researching vulnerabilities, validating findings, reviewing cloud configuration risks, testing remediation outcomes, or improving detection context.
• Observe how the team partners with infrastructure, platform, engineering, GRC, legal, incident response, and business stakeholders.
• Contribute to a guided intern project that helps the team improve how infrastructure security work is measured, communicated, automated, or scaled.
• Present a short summary of learnings, recommendations, and completed work at the end of the internship.

Benefits

• Compensation Transparency The national base salary range for this role is posted above in this job post. Final compensation will be determined based on factors such as relevant experience, skills, qualifications and geographic location. We also consider internal equity to help ensure fair and consistent pay practices across our teams. Where applicable, this role may also be eligible for variable compensation (such as bonus or commission), equity, and benefits in accordance with local policies. Details will be shared during the hiring process. We are committed to equitable and transparent pay practices that align to market data, internal equity, and individual contribution.