Engineering Lab CMMC Intern
Listed on 2026-06-27
IT/Tech
Cybersecurity
Cybersecurity Compliance Intern
Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do.
The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership.
If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.
MITRE's Electronic Systems Security department is seeking a Cybersecurity Compliance Intern with foundational CMMC experience to support our compliance program and help stand up/maintain a secure, consistent Long-Term Support (LTS) environment for endpoints and servers. This internship is ideal for a student who has hands-on exposure to CMMC/NIST 800-171 concepts and wants real-world experience implementing controls, documenting evidence, and improving system configuration and patching practices.
Roles & Responsibilities:
- Assist with maintaining and updating compliance documentation (e.g., SSP, POA&M, network/service inventories, asset inventories)
- Assist with configuring patching and update workflows consistent with an LTS approach (e.g., update rings, maintenance windows, rollback planning).
- Help implement and validate hardening baselines (e.g., CIS-aligned settings where applicable), local firewall rules, and least-privilege configuration.
- Assist with endpoint inventory and service/port inventory (what listens where, how it's accessed, and what controls are in place).
- Document procedures/runbooks for routine operations (patching, account provisioning, backup checks, log review).
- Help verify logging sources are enabled and forwarding properly (Windows Event Logs, Linux syslog/journald, SSH logs, application logs).
- Assist with basic alert tuning or dashboarding in [MITRE's SIEM/EDR/tooling] under supervision.
- Help collect and organize compliance evidence (screenshots, config exports, policy acknowledgements, logs) in a structured repository
- Support scoping activities: identifying in-scope systems, applications, accounts, and data flows involving CUI
- Participate in basic control implementation tasks aligned to NIST 800-171/CMMC Level 2 (e.g., access control, audit/logging, configuration management)
Basic Qualifications:
- Currently enrolled in (or recently completed) a cybersecurity program or related field
- Familiarity with CMMC concepts and/or NIST SP 800-171 (coursework, labs, internship, or prior job exposure)
- Basic competency with Windows administration and/or Linux fundamentals (accounts, services, permissions, logs)
- Comfort using command-line tools and troubleshooting (PowerShell and/or Bash)
- Strong documentation habits: can write clear steps, capture evidence, and keep organized records
- Ability to handle sensitive information appropriately and follow security procedures
- Basic understanding of networking (ports, protocols, SSH tunneling, segmentation)
- Effective oral and written communication skills
Preferred Qualifications:
- Exposure to any of: SSP/POA&M work, evidence collection, asset inventories, or audit prep
- Familiarity with endpoint management/patching tools (e.g., Intune, WSUS, SCCM, JAMF, apt/yum/dnf workflows)
- Familiarity with hardening guidance (CIS Benchmarks, STIG concepts) and basic firewall configuration
- Experience with Git, ticketing systems (Jira/ServiceNow), or documentation tools (Confluence/SharePoint)
- Basic understanding of networking (ports, protocols, SSH tunneling, segmentation)
- Must be eligible for a security clearance
Salary compensation range and midpoint:
$54,500 - $68,000 - $81,500 Annual
Work Location Type:
Hybrid
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable…