Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.
MITRE’s Electronic Systems Security department is seeking a Cybersecurity Compliance Intern with foundational CMMC experience to support our compliance program and help stand up/maintain a secure, consistent Long-Term Support (LTS) environment for endpoints and servers. This internship is ideal for a student who has hands-on exposure to CMMC/NIST 800-171 concepts and wants real-world experience implementing controls, documenting evidence, and improving system configuration and patching practices.
Roles & Responsibilities:
-
Assist with maintaining and updating compliance documentation (e.g., SSP, POA&M, network/service inventories, asset inventories)
-
Assist with configuring patching and update workflows consistent with an LTS approach (e.g., update rings, maintenance windows, rollback planning).
-
Help implement and validate hardening baselines (e.g., CIS-aligned settings where applicable), local firewall rules, and least-privilege configuration.
-
Assist with endpoint inventory and service/port inventory (what listens where, how it’s accessed, and what controls are in place).
-
Document procedures/runbooks for routine operations (patching, account provisioning, backup checks, log review).
-
Help verify logging sources are enabled and forwarding properly (Windows Event Logs, Linux syslog/journald, SSH logs, application logs).
-
Assist with basic alert tuning or dashboarding in [MITRE's SIEM/EDR/tooling] under supervision.
-
Help collect and organize compliance evidence (screenshots, config exports, policy acknowledgements, logs) in a structured repository
-
Support scoping activities: identifying in-scope systems, applications, accounts, and data flows involving CUI
-
Participate in basic control implementation tasks aligned to NIST 800-171/CMMC Level 2 (e.g., access control, audit/logging, configuration management)
-
Assist with configuring patching and update workflows consistent with an LTS approach (e.g., update rings, maintenance windows, rollback planning)
-
Help implement and validate hardening baselines (e.g., CIS-aligned settings where applicable), local firewall rules, and least-privilege configuration
Basic Qualifications:
-
Currently enrolled in (or recently completed) a cybersecurity program or related field
-
Familiarity with CMMC concepts and/or NIST SP 800-171 (coursework, labs, internship, or prior job exposure)
-
Basic competency with Windows administration and/or Linux fundamentals (accounts, services, permissions, logs)
-
Comfort using command-line tools and troubleshooting (PowerShell and/or Bash)
-
Strong documentation habits: can write clear steps, capture evidence, and keep organized records
-
Ability to handle sensitive information appropriately and follow security procedures
-
Basic understanding of networking (ports, protocols, SSH tunneling, segmentation)
-
Effective oral and written communication skills
Preferred Qualifications:
- Exposure to any of: SSP/POA&M work, evidence collection, asset inventories, or audit prep
-
Familiarity with endpoint management/patching tools (e.g., Intune, WSUS, SCCM, JAMF, apt/yum/dnf workflows)
-
Familiarity with hardening guidance (CIS Benchmarks, STIG concepts) and basic firewall configuration
-
Experience with Git, ticketing systems (Jira/ServiceNow), or documentation tools (Confluence/SharePoint)
-
Basic understanding of networking (ports, protocols, SSH tunneling, segmentation)
-
Must be eligible for a security clearance
This requisition requires the candidate to have a minimum of the following clearance(s):
Not Applicable
This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):
Not Applicable
Salary compensation range and midpoint:
$54,500 - $68,000 - $81,500 Annual
Work Location Type:
Hybrid
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.
MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email [email protected] for general support and [email protected] for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.
Benefits information may be found here.
Copyright © 1997-2026, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.
