Cybersecurity Intern

Customized Energy Solutions (CES) is seeking a Cybersecurity Intern to support its Infrastructure Services and Security team on a three-month contract engagement. This role is focused on coordinating vulnerability assessment and penetration testing (VAPT) activities conducted by CES external security partners, with a primary emphasis on our SOC 2-scoped applications and other critical platform environments.The intern will serve as a key liaison between external testing partners and internal CES stakeholders throughout the full VAPT lifecycle — from project kickoff through vulnerability remediation tracking. This is an excellent opportunity for an early-career cybersecurity professional to gain hands-on exposure to enterprise security operations, compliance-driven testing programs, and cross-functional stakeholder engagement. Depending on engagement pace and intern readiness, there is potential for expanded involvement in internal scanning activities and AI-assisted security workflows.Key ResponsibilitiesEngagement CoordinationCoordinate scheduling, logistics, and communication with external red team and penetration testing vendorsMaintain a master engagement calendar covering test windows, scoping sessions, and review milestonesServe as the primary point of contact for day-to-day coordination between external partners and the IS security teamTrack engagement status and flag scheduling conflicts or scope changes to IS leadershipInternal Stakeholder CommunicationDraft and distribute clear, audience-appropriate communications to internal teams regarding upcoming test activities, timelines, and potential impactsPrepare briefing materials and summary documentation for pre-engagement kickoffs and post-engagement reviewsCoordinate access provisioning requests and testing environment logistics with relevant application and infrastructure ownersMaintain a project tracker and status dashboard for all active and upcoming VAPT engagementsFindings Review & Remediation SupportCompile and organize vulnerability findings from external partner reports into structured internal formatsFacilitate working sessions with internal application teams to review findings, clarify technical details, and discuss remediation optionsTrack remediation commitments, target dates, and completion status across all in-scope applicationsEscalate past-due or high-severity remediation items to IS leadership as appropriateMaintain accurate records of vulnerability lifecycle from identification through verified remediationDocumentation & ReportingProduce engagement summaries and status reports for IS leadership and, where applicable, executive stakeholdersMaintain a centralized repository of test plans, findings reports, and remediation records in SharePointSupport ongoing SOC 2 evidence collection related to VAPT activities