Cyber Defense Intern
About OCC:
A World Class Clearing Organization
OCC is the largest equity derivatives clearing organization in the world. We provide central counterparty clearing and settlement services for equity options, futures, options on futures, and securities lending transactions. We serve approximately 115 clearing members and 15 exchanges including CBOE, Nasdaq, and NYSE.
OCC is building a culture that empowers continued learning, authentic innovation, and constant creativity.
About the Intern Program:
OCC is looking for interns who are hungry for the chance to learn more, humble enough to admit they don’t know all the answers, and smart enough to recognize the opportunity. The OCC Internship Program provides students with the real-world skills to successfully transition into a career in the financial services industry. As an intern, you will help lead projects that help shape the future of OCC. This person will apply their skill-set and knowledge toward tackling designated projects. This an exciting opportunity to have a true impact on the company by designing and implementing solutions for real challenges facing the business. Here’s what we’re looking for:
Projects and Responsibilities:
- Application Security Testing
- Perform application security testing utilizing security scanning tools, manual source code reviews, and manual penetration assessments
- Collate vulnerabilities from assessments into the system of record for all application vulnerabilities
- Assess vulnerabilities to determine the true risk to OCC and identify false positives
- Work with the application teams across OCC to communicate the vulnerabilities and identify remediation plans
- Make security testing required determinations of development enhancements
- CI/CD pipeline
- Assist in maintenance of current security tool containers in the pipeline, including bug and feature enhancements
- Help develop new security tool containers
- Troubleshoot issues in the pipeline
- Documentation and Process Improvement
- Assist in the development of security engineering documentation
- Participate in the improvement of security engineering processes
- Help gather evidence of security testing processes for audits
Candidate Qualifications:
- Critical thinking and Analytical skills (preferred that the applicants have taken information system focused courses)
- Self-starter
- Aptitude to learn
- Programming knowledge and coding experience, particularly Python and JAVA
- Basic understanding of system development lifecycle
- Prefer basic knowledge of CI/CD pipelines (Jenkins)
- Prefer basic knowledge of Docker
- Prefer knowledge of Security control frameworks (RMF, CSF)
What knowledge and skills will the intern gain from this internship?
- Operational experience of how a Security department functions
- Exposure to software delivery lifecycle and security touchpoints