The Vulnerability Management Program (VMP) Intern is assigned to the Operations Team at CIS. Reporting to the Director of Intelligence & Incident Response, the VMP intern will support partnerships with other cybersecurity team members to promote the CIS mission and help support our growth. The primary purpose of this position is to gain experience supporting essential VMP functions, such as vulnerability assessments and penetration tests for State, Local, Tribal, and Territorial (SLTT) governments. 

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry leading best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.

• Conduct and support the analysis of basic vulnerability assessments
• Help prepare and deliver detailed vulnerability assessment reports
• Utilize manual and automated vulnerability management platforms and tools
• Support network and web application penetration tests under senior supervision
• Integrate and share information with other operations and business teams
• Other tasks and responsibilities as assigned

• 1 years of study in Penetration Testing, Cybersecurity, Computer Science, or related fields
• Knowledge of common Internet protocols, applications, and infrastructure
• Knowledge of vulnerability scanning tools (e.g., Nessus, Qualys, Nexpose)
• Knowledge of web app and penetration testing tools (e.g., Metasploit, BurpSuite, ZAP) 
• Strong oral and written communication skills
• Ability to maintain strict confidentiality
• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions*
• Must be authorized to work in the United States

It's a plus if you have:

• Current or former graduate student in related fields
• Proficiency with scripting languages (e.g., Python, Bash, PowerShell)
• Work experience with vulnerability scanning, web app, and/or penetration testing tools

*Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct
• Dishonest Conduct
• Employment Misconduct
• Alcohol Abuse
• Drug Use
• False Statements
• Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.