Summer Associate Internship

Team Overview:

Application Whitelisting is a team within the Service Transition group of NFCU’s Enterprise Technology Services (ETS). The team manages policies, standards, and processes that govern the use of applications—from inception to retirement—within NFCU compute environments. "Applications" include executables, libraries, scripts, macros, browser plug-ins (or add-ons/extensions), configuration files, and application-related registry entries.

The team’s primary responsibility is to review, enhance, and implement controls that ensure applications used within NFCU comply with key security policies and standards. A key outcome is the prevention of unauthorized or unvetted software execution on desktops and servers, reducing exposure to security vulnerabilities. This role offers exposure to enterprise security practices, application lifecycle management, and cross-functional collaboration with IT and security teams.

Potential Project:

As a Summer Associate, you may contribute to the following initiatives:

• Analyze and categorize application data from tools such as Microsoft Defender, Black Duck, and Checkmarx to identify inconsistencies and build a centralized whitelisting inventory.
• Design and automate reporting mechanisms for whitelisting status, risk scores, and ownership to improve visibility and decision-making.
• Collaborate with ServiceNow and CMDB teams to validate data ingestion, resolve discrepancies, and align with enterprise architecture standards.
• Support attestation workflows and governance discussions to ensure whitelisting policies align with enterprise standards and reduce risk exposure.
• Develop scripts and APIs to automate data integration and streamline inventory maintenance.
• Present findings, process improvements, and recommendations to leadership, contributing to the formalization of the whitelisting service.

The Summer Associate Program is a 12-week internship running from May to August 2026. Interns will work on meaningful projects that contribute to NFCU’s mission while gaining hands-on experience in cybersecurity and enterprise technology. To qualify, applicants must be currently enrolled in an accredited college or university and have an anticipated graduation date of December 2026 or later.

Experience:  Total Professional Experience 5+ years of which Information Technology Experience is 3+ years and at least 1 year Security Experience

Required:

• Currently pursuing a degree in Cybersecurity, Information Systems, Computer Science, or a related field.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration abilities.
• Familiarity with general IT concepts and business processes.
• Proficiency in Microsoft Office tools.

Preferred:

• Exposure to scripting languages such as Python or PowerShell.
• Familiarity with application security tools (e.g., Microsoft Defender, Black Duck, Checkmarx).
• Experience with data analysis or reporting tools (e.g., SQL, Excel, or analytics platforms).
• Understanding of ServiceNow and CMDB concepts.
• Interest in process automation and enterprise security governance.
• Knowledge of software development methodologies (e.g., Agile, DevOps, SDLC) is a plus.

Hours: Monday – Friday 8:00AM - 4:30PM EST

Location: 
Remote position if candidate is not local to one of the sites listed below for hybrid work:
820 Follin Lane, Vienna, VA 22180
5550 Heritage Oaks Dr Pensacola, FL 32526 

 

• Identify and reconcile inconsistencies in application metadata across multiple enterprise tools and repositories.
• Apply analytical techniques to detect anomalies and fill gaps in whitelisting-related data.
• Engage with business and technical owners to validate application ownership and compliance.
• Use scripting and automation to streamline data preprocessing and ensure real-time updates to the whitelisting inventory.
• Contribute to governance discussions to align whitelisting practices with enterprise policies.
• Ensure accurate classification of applications (e.g., SaaS, Third-Party, Custom) and maintain structured tagging based on risk and certification status.
• Assist in refining questionnaires and validation processes for custom/homegrown applications.
• Communicate findings and recommendations to stakeholders to support informed decision-making.