Security Engineer Graduate Intern (Summer 2026)

Sigma Computing•San Francisco, CA

1d•$50 - $50•Hybrid

About The Position

Sigma unlocks the value of data by delivering cloud-scale analytics and business intelligence with the simplicity of a spreadsheet, complete with pivot tables and dashboards. We empower business professionals and data teams to quickly explore, analyze, visualize, and collaborate, leveraging all of their data across the organization. Our internship program at Sigma: Sigma’s early career program is the launchpad for the next generation of engineers and innovators. As an Intern at Sigma, you’ll work on various Cyber Security domains and learn efficient Security engineering for large scalable systems/environments. Our interns connect directly with our Engineering teams, IT and customer facing teams across the organization everyday. We’re looking for students who bring curiosity, a spirit for collaboration, and a desire for securing the world. Sigma is shaping the future of business insights and data visualization. About the role: As a Security Engineering Graduate Intern, you will join a team dedicated to protecting our cloud and enterprise environments. We are looking for a current graduate student to join our security engineering team for a 12-week internship. This is a hands-on technical role where you’ll work alongside experienced engineers to defend our infrastructure across SaaS, cloud, endpoints, and identity platforms. You will bridge the gap between theoretical security and production-level defense, focusing on Detection Engineering, Incident Response, and Cloud Security Operations. This role is designed for students who are passionate about understanding attacker behavior and building the systems that stop them.

Requirements

Current student: You must be currently enrolled in a university graduate degree program in the U.S with a graduation date of December 2026 or later
Able to intern from June 2026 through early September 2026 (12 weeks)
Authorization: You must be legally authorized to work in the US during the Summer 2026 program
Visa sponsorship is not available for our internship positions
Located within the San Francisco Bay Area or willing to relocate during the internship. Relocation assistance will be provided for students who will need to relocate for the summer.
Able to work 40 hours per week (full-time) in a hybrid work model with a minimum of 4 days in office for in person collaboration with our team
Educational Background: Currently pursuing aMaster’s degree in Computer Science, Cybersecurity, or a related field, with the intent to return to school following the internship for at least one more term.
Technical Foundation: A solid understanding of networking (TCP/IP, DNS, HTTP) and at least one operating system (Linux or macOS).
Analytical Skills: The ability to parse and analyze logs from multiple sources to identify malicious patterns and security events.
Programming Proficiency: Comfort with scripting or automation using Python, SQL, or similar languages.
Mindset: A deep curiosity about how attackers operate, strong analytical thinking, and a drive to solve real-world security problems at scale.

Nice To Haves

Hands-on exposure to SIEM, EDR, or cloud platforms (AWS, GCP, Azure), and a familiarity with the MITRE ATT&CK framework.

Responsibilities

Detection & Response: Triage and investigate security alerts from a diverse stack including SIEM, EDR, WAF, and DLP platforms. You’ll help refine these systems by tuning "detections-as-code" to reduce noise and improve signal quality.
Threat Hunting: Conduct hypothesis-driven hunts across telemetry data (cloud, identity, and network) to uncover emerging threats that may have bypassed automated defenses.
Detection Engineering: Research attacker TTPs and use the MITRE ATT&CK framework to develop and deploy new detection logic.
Cloud & SaaS Security: Analyze cloud configurations and IAM policies to identify misconfigurations, support vulnerability remediation, and validate security best practices.
Endpoint & Email Defense: Investigate suspicious macOS activity, analyze malicious emails, and support internal phishing simulation programs.
Documentation: Contribute to the team’s knowledge base by documenting processes, findings and creating playbooks that improve the broader team's response capabilities.