Octave
Information Security & GRC Intern
Internship, Remote
Location: Not specified
Salary: Not listed
Experience: Not specified
Posted: 1 week ago
Skills: information security principles, compliance frameworks, risk management, SAST tools, SCA tools, Python, PowerShell, OWASP Top 10, secure coding practices, application security, governance, risk & compliance (GRC), audit support
Job Description
Summary: Octave provides mission-critical software that empowers organizations to make informed decisions across every stage of the asset lifecycle. The InfoSec & GRC Intern will help strengthen the security posture of SIG’s software ecosystem by assisting in reviewing security scan results, preparing audit evidence, and maintaining security policies and documentation.
Responsibilities:
- You will assist in reviewing SAST/SCA scan results, evaluating exceptions to standards, preparing audit evidence, supporting risk assessments, and maintaining security policies and documentation
- This role provides exposure to both Application Security (AppSec) and Governance, Risk & Compliance (GRC) duties, supporting our secure‑by‑design engineering program
- Review and triage static (SAST) and software composition analysis (SCA) scan findings, validating issues and collaborating with development teams on remediation
- Participate in secure design discussions and support application security proof‑of‑concept evaluations under the guidance of senior AppSec engineers
- Assist in enhancing SDLC security activities and tracking vulnerability remediation progress
- Help maintain and update security policies, standards, and procedural documentation
- Review and help process exceptions to security standards, ensuring risks are documented and mitigation actions are captured
- Assist in internal and external audit preparation, collecting evidence to demonstrate control effectiveness
- Support compliance activities for frameworks such as ISO 27001, ISO 9001, ISO 42001, SOC 2, etc., including documentation gathering and follow‑ups on mitigation actions
Required Qualifications:
- Currently pursuing a degree in Cybersecurity, Computer Science, Information Security, or related field
- Strong written and verbal communication skills, with the ability to collaborate across cross‑functional teams
- Organized with strong attention to detail and ability to manage multiple tasks simultaneously
Preferred Qualifications:
- Foundational understanding of information security principles, compliance frameworks (ISO 27001, SOC 2, NIST CSF), and risk management concepts
- Familiarity with SAST/SCA tools (e.g., GitHub Advanced Security, Snyk, Checkmarx)
- Basic scripting or automation experience (Python, PowerShell, or similar)
- Understanding of OWASP Top 10, secure coding practices, or common application vulnerabilities
Required Skills: Information security principles, Compliance frameworks, Risk management, SAST tools, SCA tools, Python, PowerShell, OWASP Top 10, Secure coding practices, Application security, Governance, Risk & Compliance (GRC), Audit support