Summary:

The cybersecurity internship is designed to provide exposure to a variety of security tasks that one should expect a junior or entry-level security analyst to perform. These include reimaging machines that have been previously compromised, SIEM (Security Information and Event Management) tool usage, virus/malware remediation, and general tasks of the security operations center (SOC). In addition, each semester an intern will be required to complete one special security-focused project that will serve as a more detailed look into one specific security need. This project will be adjusted to the needs of the University and matched to the skill set of the student. 

Duties & Responsibilities:

• Log analysis
• Machine reimaging (macOS and Windows)
• Malware/Virus removal and analysis
• Phishing mailbox monitoring and remediation
• Threat feed monitoring and updating
• SIEM tool incident monitoring
• SIEM tool dashboard/reporting creation and monitoring
• SOC monitoring
• Internship security project (will vary by semester and candidate’s skillset).
• Other duties as assigned

Required Qualifications:

• Entry into a qualified undergraduate or graduate degree. Qualified degrees are as follows:
  • B.S. Cybersecurity
  • B.S.E Computer Engineering
  • B.S. Computer Science
  • B.S. Information Systems
  • B.S. Information Technology
• 30 credits earned towards a qualified degree.
• General computer literacy.
• Introductory knowledge of security concepts: AV, Firewall, etc.
• Ability to lift 25+ lbs.
• Good communication skills (Verbal and Written).
• Signed confidentiality agreement.

Timeframe

• Year 1 – Internship (3 credits) @ 20/hrs. per week.
• If the intern distinguishes themselves there is an option to continue employment as a student employee past the internship semester. 
• Hours – between 8 a.m. and 5 p.m. (some evenings may be required but will be minimal)

Work Environment:

• Working in KHS or IT operations area in MAN 226

Technology Provided: 

• A PC (Desktop or Laptop)

Supervision:

• Receives strategic and administrative direction from the CISO and (Senior) Information Security Analyst. 

Compensation: $15 - $20

Learning Goals, Objectives, & Outcomes:

1. Log analysis
   1. GOAL: The student will understand how to analyze common log formats to identify suspicious traffic and events.
   2. OBJECTIVE: By the end of the internship the student should be able to:
      1. Review web server logs to identify normal vs suspicious traffic
      2. Review Linux server logs to identify normal vs suspicious events
      3. Review Windows server/workstation logs to identify normal vs suspicious events
   3. OUTCOME: The student will be able to work as an entry-level security analyst who is able to review various system logs and
      1. Identify types of logs and events generated by each system
      2. Identify normal traffic/events
      3. Identify and propose action on suspicious traffic/events
2. Malware/Virus removal and analysis
   1. GOAL: The student will understand how to identify malware/viruses, remediate malware/viruses, and perform rudimentary analysis.  
   2. OBJECTIVE: Use SIEM tool reports to understand what machines have malware/viruses and understand how to remediate them. Use information available in product consoles and SIEM tool(s) to understand where virus/malware originated and initial summary of IOC (Indicator of Compromise)
   3. OUTCOME: By the end of the internship the student should be able to function as an entry-level security analyst whose responsibilities relate to virus/malware remediation and association. 
3. Phishing mailbox monitoring and remediation
   1. GOAL: The student should be able to monitor a mailbox for reports of phishing and understand what actions are required to remediate the threat.
   2. OBJECTIVE: The student should be able to analyze a phishing message and understand what parts of the message indicated to the end-user that it was phishing; be able to understand the goal of the message; understand how to neutralize the payload of the phishing message. 
   3. OUTCOME: The student should be familiar with phishing and various remediation actions that can neutralize the payload of phishing messages. This includes Firewall blocks, URL stripping, file SHA hashes, virus/malware protection, and EOP (Exchange Online Protection) blocks. The student should be able to read email message headers to understand where a message originates.
4. Threat feed monitoring and updating
   1. GOAL: The student should be able to understand what a threat intelligence feed is and how to add/remove from our internal threat feed as well as examine third-party threat feeds to understand their desired outcomes.
   2. OBJECTIVE: GVSU uses Mindmeld, a Palo Alto, product to manage our threat intelligence feeds. The student should be able to examine a Mindmeld rule and understand what the rule accomplishes and how to add or remove criteria from the rule.
   3. OUTCOME: The student should have a general understanding of threat intelligence feeds and understand the common format of these feeds as well as how to update them. 
5. SIEM tools
   1. GOAL: The goal is to familiarize a student with SIEM technology and how it is used in an enterprise setting.
   2. OBJECTIVE: Specifically, GVSU uses Splunk and Azure Sentinel. The student will be introduced to both systems and taught how to analyze traffic and incidents. After an introduction, the student should be able to create custom alerts and dashboards based on data collected in the SIEM tool. 
   3. OUTCOME: All SOCs use a SIEM tool as the core of their monitoring operation. By the end of the internship, a student should understand the basics of how to search, understand, and report on data presented through a SIEM tool.