Technology Internship Program (Penetration Testing)

As one of the country’s largest writers of commercial and specialty insurance, CNA depends on the talent, expertise and enthusiastic engagement of our employees. We provide insurance protection to more than 1 million businesses and professionals in the U.S. and internationally, offering unique expertise for the businesses and industries we serve. Our commitment to diversity and inclusion enables us to serve a broad range of customers while supporting our communities through charitable contributions and employee volunteerism.

CNA’s Tech Summer Internship Program is looking to create a team of interns for a dynamic and fast pace 10-12 week training program that provides hands on experience and unique opportunities across a variety of technologies.  Intern Pen Tester primary responsibility is to support the senior engineering staff in the execution of penetration tests and vulnerability assessments for internal and external systems and applications.

Program Features and Benefits:

• Work directly with experienced CNA Security Operations to work on Pen Testing
• Apply software engineering best practices such as Test Driven Development (TDD)
• Use Public Cloud platforms to create business applications and services

• In-depth education in technology, the insurance industry, CNA’s organization and how Technology plays a leading role in an insurer’s profitability
• A dedicated manager and a mentor who will guide you throughout your internship program at CNA
• Opportunities to meet with members of our senior leadership team virtually and learn about their personal experiences in Security Operations Technology within the insurance industry
• Professional and personal development activities and ongoing feedback and coaching on performance
• Consideration for potential full-time placement upon graduation

Required Knowledge, Skills and Experience:

• Assist in assessing CNA’s infrastructure, web applications, and mobile environment for security weaknesses
• You will gather this information through the following techniques:
  • Active and Passive Information Gathering
  • Vulnerability Scanning
  • Utilizing common (OWASP) Web Application Attacks
  • Exploiting vulnerabilities through publically available exploits for OS’s and WebApps
  • Antivirus Evasion
  • Privilege Escalation
  • Password Attacks
  • Active Directory Attacks

• Interact with the stakeholders during and after all assessment phases to coordinate issues and their resolution
• Build relationships with other departments to better understand business needs. Ability to meet established deadlines and communicate potential blockers
• Maintain an understanding of new vulnerabilities and attack techniques

Education: Pursuing a Bachelor's degree in a related field is desired, not required. Security+, or other security related certifications is desired, not required.

• Must be a sophomore, junior or senior (undergraduate) or in first year of Master’s program pursuing a degree in Computer Science, Computer Engineering or related field
• A minimum 3.00 GPA is required (overall and major)

Experience: Information technology, preference to those with development, network, or systems administration experience. Penetration testing is desired, not required.

• Experience with at least one automation/scripting language (e.g. Python).
• Some experience with web app or systems testing is desired.
• Basic knowledge and understanding of at least one computer programming language (e.g. .NET or Java).
• Familiarity with testing tools: WebApp vulnerability scanners (e.g. Acunetix WVS, BurpSuite, ZAP, Fortify SCA, IBM AppScan, Nessus, Qualys WAS, or etc.). Familiarity with Kali Linux, Metasploit, Cobalt Strike or other testing tools.

Program Location:

Position will be remote.