Intern Infrastructure Security Engineer

About The Position

Requirements

• Current student or early-career candidate pursuing cybersecurity, computer science, information systems, cloud computing, infrastructure, software engineering, or a related field.
• Interest in infrastructure security, cloud security, vulnerability management, detection engineering, security automation, or secure systems operations.
• Familiarity with basic cloud concepts, Linux, networking, identity and access management, Git, scripting, or common security topics.
• Curiosity, good judgment, and willingness to ask questions.
• Strong written communication skills and ability to document findings, evidence, and recommendations clearly.
• Ability to work with a team, follow guidance, and handle sensitive information responsibly.

Nice To Haves

• Coursework, labs, CTF participation, personal projects, or prior internship experience related to cybersecurity, infrastructure, cloud computing, or systems administration.
• Exposure to tools or concepts such as AWS, GCP, vulnerability management, CSPM, CNAPP, SIEM, runtime security, IAM, Terraform, Linux, containers, or incident response.
• Basic scripting experience in Python, Bash, PowerShell, Go, JavaScript, or a similar language.
• Experience creating documentation, dashboards, scripts, small tools, or workflow improvements.
• Interest in learning how security teams balance risk reduction, engineering partnership, operational impact, and compliance requirements.

Responsibilities

• Learn the structure, goals, and day-to-day operating model of the Commerce Infrastructure Security program.
• Support improvements to infrastructure security tooling, reporting, documentation, dashboards, and team processes.
• Assist with organizing or refining vulnerability management workflows, cloud security findings, intake processes, remediation tracking, or knowledge base materials.
• Shadow Infrastructure Security engineers during cloud security reviews, vulnerability triage, remediation discussions, incident response activities, and engineering partnership meetings.
• Participate in guided hands-on security activities such as researching vulnerabilities, validating findings, reviewing cloud configuration risks, testing remediation outcomes, or improving detection context.
• Observe how the team partners with infrastructure, platform, engineering, GRC, legal, incident response, and business stakeholders.
• Contribute to a guided intern project that helps the team improve how infrastructure security work is measured, communicated, automated, or scaled.
• Present a short summary of learnings, recommendations, and completed work at the end of the internship.

Benefits

• Six-week summer internship
• Hybrid/remote opportunity
• Mentorship from security engineers
• Exposure to engineering partnership models
• Clearer understanding of potential career paths in infrastructure security, cloud security, detection engineering, security operations, and cybersecurity.