Internship Cloud Security - MS 365 Security-as-Code analysis

NVISO is a pure-play cyber security consulting firm: our team is composed of security professionals who each have their specific field of expertise, ranging from Information Security Governance, Risk & Compliance to Incident Response, Penetration Testing, CSIRT/SOC, Software Security, and Training & Awareness. This fantastic blend of skills enables us to help organizations prevent, detect, and respond to complex security challenges.

The project focuses on evaluating a Security-as-Code tool designed for assessing Microsoft 365 environments and Entra ID. The primary objective is to understand the deployment process, including its configuration and integration within existing systems.

The project involves:

• conducting a comprehensive analysis of the tool's functionalities;
• identifying its strengths and potential areas for improvement;
• performing a gap analysis by comparing the tool with another security assessment script, and determining areas where it excels and where enhancements might be necessary.

Additionally, the project explores the implementation of custom controls within the Security-as-Code framework. This involves delving into the technical aspects of the tool to understand how custom policies and controls can be developed and integrated into the existing framework.

Collaboration with team members is essential to design and test these custom controls, ensuring they meet the teams specific security needs. Through this project, participants will gain experience in security assessment methodologies, Microsoft 365 and Entra ID features and architecture, and the customization of security solutions, contributing to the enhancement of the organization's security posture through automation.

• Pursuing or recently completed a degree in Information Technology, Cybersecurity, Computer Science, or a related field.
• Familiarity with Microsoft 365 and Software-as-a-Service concepts.
• Understanding of security assessment methodologies and tools.
• Basic knowledge of scripting languages (e.g., PowerShell, Python) for understanding code.
• Ability to conduct comprehensive analysis and gap assessments of tools.
• Strong problem-solving skills to identify strengths and areas for improvement in security solutions.
• Effective communication skills to collaborate with team members and articulate findings and recommendations.
• Ability to work in a team-oriented environment.
• Keen interest in cybersecurity and security automation.

Nice to have:

• Coding skills in PowerShell to improve and add custom controls.
• Knowledge of Entra ID in particular.
• Experience with administration of SaaS tools, provisioning of access, and IT/Security operations.
• Experience or knowledge about CI/CD best practices.

Disclaimer on the Use of AI Tools in the Application Process

Please be aware that the creation and submission of application documents (e.g. CV, cover letter, case studies, etc.) using AI-powered tools is only permitted to a limited extent.

Our expectations:

Application documents must authentically reflect your own qualifications, personality, and motivation.

The use of AI for supportive purposes (e.g. spell-checking, improving wording) is acceptable.

Fully generated application documents created by AI without personal adaptation or review are not permitted.

Under no circumstances may NVISO information, data, or documents be uploaded to or processed by external AI tools.

We reserve the right to exclude applications from the selection and interview process that are clearly created primarily or exclusively by AI and show no recognizable personal input.

The purpose of this policy is to ensure a fair and transparent recruitment process and to obtain an authentic impression of our applicants.