Information Security Intern

Topic 1: Enterprise AI Governance Portal

Description:

Design and implement an enterprise-grade centralized AI platform that provides secure compliant and ethical AI services to all business operations. The project involves extending the existing Open WebUI deployment on Azure with advanced features including MCP (Model Context Protocol) integrations for Atlassian ecosystem connectivity team-dedicated AI workspaces with isolated knowledge bases enhanced authentication flows using OAuth 2.1 and comprehensive audit logging for AI usage tracking. The solution must align with ISO 27001:2022 requirements and support the organizations goal of eliminating shadow AI tools through a governed centralized platform.

Key Attributes / Main Competencies:

• Cloud Infrastructure & Azure Services (Container Apps PostgreSQL Blob Storage)

• AI/LLM Gateway Architecture (LiteLLM Model Routing Rate Limiting)

• Enterprise Authentication (OAuth 2.1 Microsoft Entra ID SSO)

• API Integration & MCP Protocol Implementation

• Information Security Governance (ISO 27001 AI Ethics Data Protection)

• DevOps & Infrastructure as Code (Docker CI/CD Azure CLI)
  

Learning Outcomes:

• Understand enterprise AI governance frameworks and their alignment with information security standards

• Design and implement secure AI service architectures with proper access controls and audit capabilities

• Develop proficiency in Azure cloud services for deploying containerized AI applications

• Implement MCP integrations to connect AI assistants with enterprise tools (Jira Confluence)

• Create comprehensive documentation and training materials for organizational AI adoption

Topic 2: SOC 2 Type I Compliance Automation Platform

Description:

Develop an automated compliance monitoring and evidence collection system to support MASS Analytics SOC 2 Type I certification journey. The project involves implementing a centralized GRC (Governance Risk and Compliance) platform that integrates with existing IT infrastructure to automatically collect compliance evidence monitor control effectiveness and generate audit-ready reports. The solution should leverage the organizations existing ISO 27001:2022 certification investments while extending controls coverage to meet SOC 2 Trust Service Criteria (Security Availability Confidentiality Processing Integrity and Privacy). Key deliverables include automated evidence collection from Azure Atlassian and Microsoft 365 environments gap assessment workflows and real-time compliance dashboards.

Key Attributes / Main Competencies:

SOC 2 Framework & Trust Service Criteria Understanding

GRC Platform Implementation (Vanta Drata or similar)

API Integration for Evidence Collection (Azure APIs Microsoft Graph Atlassian APIs)

Information Security Controls & ISO 27001 Mapping

Dashboard Development & Reporting (Power BI React)

Workflow Automation & Process Optimization

Learning Outcomes:

• Master SOC 2 compliance requirements and their relationship with ISO 27001 controls

• Design and implement automated evidence collection pipelines for continuous compliance

• Develop integration skills across multiple enterprise platforms and APIs

• Create compliance dashboards that provide real-time visibility into control effectiveness

• Understand audit preparation processes and documentation requirements for Type I certification

Topic 3: Security Operations Center (SOC) Enhancement with Azure Sentinel

Description:

Implement and configure Microsoft Sentinel (Azure SIEM) to establish centralized security monitoring and incident response capabilities for MASS Analytics hybrid cloud environment. The project encompasses designing the log collection architecture implementing core data connectors for Azure services Microsoft 365 and on-premises FortiGate firewalls creating custom detection rules aligned with MITRE ATT&CK framework and developing automated incident response playbooks using Azure Logic Apps. Additionally the intern will enhance endpoint security through Microsoft Intune by strengthening application deployment patch management policies and compliance reporting. The solution must integrate with existing Jira Service Management workflows for security incident ticketing and tracking.

Key Attributes / Main Competencies:

• SIEM Architecture & Microsoft Sentinel Implementation

• Security Detection Engineering (KQL MITRE ATT&CK)

• Incident Response Automation (Azure Logic Apps SOAR)

• Endpoint Management (Microsoft Intune Patch Management)

• Network Security Monitoring (FortiGate Firewall Logs)

• ITSM Integration (Jira Service Management Automation)

Learning Outcomes:

• Design and implement enterprise SIEM solutions using Microsoft Sentinel

• Develop custom detection rules and analytics using Kusto Query Language (KQL)

• Create automated incident response playbooks for common security scenarios

• Implement comprehensive endpoint security policies using Microsoft Intune

• Integrate security operations with IT service management for streamlined incident handling