Undergraduate Intern – Cybersecurity Analyst
2020 Summer Internship Program
FINRA is dedicated to providing you an internship opportunity to gain knowledge and experience in the securities industry with an employer that places a high value on the professional and personal growth of our employees. We set the bar high – we are looking for interns that are strong academically, can bring results, and are committed to exceeding expectations. We need you to represent the highest standards of personal integrity and organizational values. If you would like to contribute to our important mission and work collegially in a professional organization that values intelligence, integrity and initiative, then consider an Internship with FINRA.
We are seeking an eager, self starter for a Cybersecurity Analyst Undergraduate Internship with our FINRA CAT Cybersecurity office in Rockville, MD. The Summer Internship Program runs from May 18, 2020 through August 7, 2020. To be considered for this position, please submit your resume through our career site at www.finra.org/careers. No phone calls please.
FINRA CAT builds and operates the Consolidated Audit Trail (CAT), a financial securities industry utility that tracks national market system orders throughout their life cycle, giving regulators the ability to efficiently monitor and analyze activity in U.S. markets and ensure their fairness and integrity.
FINRA CAT is a state-of-the-art, petabyte scale “Big Data”, cloud-native system built on AWS. It ingests billions of market events from the exchanges and broker-dealers every day, links these events across all participants in each transaction, and provides industry regulators and the SEC with the ability to efficiently query this data to fulfill their regulatory missions.
Securing this data is the mission of the FINRA CAT Cybersecurity team. As a member of our team, you’ll be a part of ensuring that the CAT is designed, built, and operated in a secure and compliant manner. In doing so, you’ll have the opportunity to gain experience with AWS, Big Data systems, cybersecurity tools and processes, agile software development in a secure Software Development Lifecycle (SDLC), cybersecurity standards and audit processes (e.g. NIST SP800-53), and more.
Essential Job Functions:
The Cybersecurity Analyst will perform or assist with many of the following duties:
- Perform risk management, including applying the processes and tools used in the identification, assessment, tracking, remediation, verification, and acceptance of risks.
- Verify that the system and organization complies with government, industry, and contractual regulations, standards, guidelines, and requirements. This includes maintenance of the System Security Plan (SSP) based on NIST SP800, ensuring that security requirements are defined and implemented for all controls defined in the SSP, coordination with and facilitation of auditors, and related responsibilities associated with NIST SP800.
- Perform threat assessments. Research and report on security threats and evaluate risks. Identify uncontrolled risks and recommend control improvements.
- Assist with defining security control requirements and test cases, and leveraging SDLC processes to ensure those requirements are effectively implemented.
- Assess IT system security, including the security of AWS services.
- Perform security monitoring and threat hunting using tools such as Splunk. Respond to and triage security alerts. Create dashboards and tune monitoring tools to improve accuracy and reduce false positives.
- Evaluate and improve security and compliance processes, using automation where appropriate to ensure efficiency and consistency.
- Assist with security operations, include such processes as access request evaluations and reviews.
- Develop, review, edit, and maintain policies, standards, procedures, and other governance artifacts, in collaboration with subject matter experts.
- Research, analyze, and report on cybersecurity threats affecting the industry, new and evolving security control solutions, and other cybersecurity matters. Develop reports and artifacts that communicate the cybersecurity posture of the system and organization, and other cybersecurity topics as may be necessary to communicate cybersecurity matters to both technical and business stakeholders.
Experience with any of the following tools and technologies is a plus. Motivated candidates who are self-starters are encouraged to apply and take advantage of this opportunity to gain experience with some of these technologies:
- Splunk, and Splunk Enterprise Security
- SailPoint Identity IQ
- NIST SP800 (esp. NIST SP800-53)
- Python or other scripting languages
- MS Office suite of productivity tools, including Office, Excel, and PowerPoint.
- The ideal candidate will likely be pursuing an undergraduate degree in Cybersecurity, Information Technology, Computer Science/Engineering, or a related field.
- Only candidates entering their third or fourth year of undergraduate studies or pursuing graduate studies will be considered. Work experience in a financial, brokerage or investment environment is a plus but is not necessary.
- Strong work ethic, positive attitude and professional demeanor.
- Effective communication, time management, and organizational skills.
- Ability to work with others to meet deadlines.
- Ability to perform multiple tasks efficiently and accurately.
- Experience with Microsoft Office (Word, Excel, SharePoint, Outlook)