Job Overview

Location
England, United Kingdom
Job Type
Full Time
Date Posted
2 months ago

Additional Details

Job ID
28099

Job Description

What You’ll Do:

  • Maintain a detailed understanding of the technical details of cloud intrusions through analyzing cloud provider activity logs, such as AWS CloudTrail and Azure Activity Logs.

  • Convert your understanding to an intelligence report

What You’ll Need:

  • Familiarity with at least one cloud service provider (AWS, Azure, GCP) as a user, e.g., creating identities

  • Investigative mindset

  • Team player: someone who is eager to help, teach, and learn from others

  • Strong problem-solving skills

  • Independent learner

Bonus Points:

  • Knowledge of programming and scripting languages, in particular Python

  • Ability to express complex technical and non-technical concepts

  • Understanding of identity and access management for at least one major cloud service provider (AWS, Azure, GCP)

  • Familiarity with at least one major cloud service provider’s (AWS, Azure, GCP) cloud activity logs, e.g., CloudTrail, Azure Activity Logs, GCP Audit Logs

What You’ll Do:

  • Create tools to automate analysis tasks and tracking of threat actors.

  • Contribute to active mitigation efforts with technical expertise.

  • Track relations between new threats and existing actors using in-house tools.

  • Document threat evolutions and intelligence gaps for the broader Intelligence Team.

  • Create host-based and network-based signatures suited for large-scale hunting, detection, and tracking of threats.

What You’ll Need:

  • Team player: someone who is eager to help, teach, and learn from others

  • Malware analysis or knowledge of reverse-engineering principles

  • First exposure to analyzing malware targeting mobile devices

  • Ability to reconstruct incidents based on cloud activity logs from at least one major cloud service provider (AWS, Azure, or GCP)

  • Strong problem-solving skills

  • Ability to express complex technical and non-technical concepts

  • Ability to learn new analysis techniques quickly, especially when faced with less-common file types

  • Solid writing skills

  • Knowledge of programming and scripting languages, in particular Python

  • Actively enrolled in university and completing an undergraduate degree in Cybersecurity, Computer Science or related field in your penultimate year of study (2026 graduate)

Bonus Points:

  • Solid understanding of mobile platforms

  • Dynamic instrumentation frameworks

  • Experience identifying and classifying malicious tooling through development of signatures that can be used for tracking and hunting purposes

  • Familiarity with at least a couple of the following tools and languages:

      • IDA

      • Ghidra

      • JEB

      • WinDbg

      • x86dbg/x64dbg

      • Parallels or Virtual Box

      • Java

      • C/C++

      • Rust

      • Golang

      • C#

      • .NET

This is a 12-week internship commencing on Monday 2nd June and completing on Friday 22nd August.

What You Can Expect:

  • Remote-friendly and flexible work culture

  • Market leader in compensation and equity awards

  • Paid holidays (including birthday holidays) and 401k matching (where applicable)

  • Professional development opportunities including workshops, tech talks, and Executive Speaker Series

  • Assigned mentors from across the company for continuous support and feedback

  • Participation in companywide initiatives including ERGs, FalconFIT, Wellness Programs, and Employee Assistance Program

  • Employee Resource Groups, geographic neighbourhood groups and volunteer opportunities to build connections

  • Vibrant office culture with world class amenities

  • Ownership of impactful projects that move the company forward

  • Great Place to Work Certified™ across the globe

Qualification

Any Graduate

Experience Requirements

Fresher Experience
