This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description We’re looking for a Security Engineering & Compliance Intern to join our Security Engineering and Compliance team. You’ll work alongside Security Engineers and Security Analysts to help design and implement practical, scalable risk management and security solutions across IT Security, Incident Response, Security Operations, and Security Assurance domains, while learning how we turn compliance and risk needs into real-world engineering outcomes. Internship dates: June 1, 2026 - August 14, 2026 What You'll Do: - Learn about our users, systems, and security posture, and how security enables our product and business goals. - Support security assessments of code and infrastructure changes with guidance from Security Engineers, helping ensure alignment with SOC 2, PCI-DSS, and internal policies. - Assist with automating recurring security and compliance activities such as vulnerability scanning, risk assessments, third-party risk reviews, and control validation. - Help create and tune monitoring and detective alerts for security operations, non-compliance, and incident response, using our security tools and dashboards. - Contribute to maintaining a healthy posture of our security tools and automations by helping with configuration, troubleshooting, and documentation. - Assist with collecting, organizing, and reviewing audit evidence for SOC 2. - Participate in security incident response exercises and post-incident reviews, learning how we investigate and mitigate security events. - Collaborate with partners across Technology, Product, Analytics, and IT to support small, scoped projects that reduce risk and improve our security posture. - Have fun building meaningful, pragmatic security solutions with kind and smart people. Qualifications - Currently pursuing a degree in Computer Science, Information Security, Information Systems, or a related field, or equivalent practical experience. - Familiarity (through coursework, projects, or self-study) with one or more of: security engineering, cloud platforms, networking, or operating systems. - Some experience with at least one programming or scripting language (e.g., Python, Go, Ruby, JavaScript) and an interest in leveraging APIs to automate workflows. - Interest in risk management and compliance frameworks (e.g., SOC 2, PCI-DSS) and how they translate into technical and operational controls. - Comfort gathering and analyzing data, and summarizing findings clearly for both technical and non-technical audiences. - Strong written and verbal communication skills, with the ability to present your work and recommendations to a variety of stakeholders. - A collaborative, curious, and pragmatic mindset — you enjoy asking questions, learning from others, and iterating based on feedback. - A continuous learning mindset to stay current with the latest security trends, threats, and technologies. - Soft skills that are as well developed as your technical skills, and a willingness to challenge existing norms and help make things better than they are today. Requirements - The national hourly compensation range for this position is $30/hour - $36/hour. - Please note: Final offer amounts are determined by multiple factors, including prior experience, expertise and region & may vary from the amount above. This range does not represent additional compensation benefits (such as equity, 401K or medical, dental or vision insurance). - ezCater does not sponsor applicants for work visas or legal permanent residence. Benefits - You’ll get a terrifically compelling experience in an innovative, high performing environment. - You’ll get to work with engaged and passionate colleagues on challenging and impactful projects. - You will have opportunities to grow in your career, and work in a place that values work/life harmony. - Market competitive salary, stock options that you’ll help make worth a lot. - 12 paid holidays, flexible PTO. - 401K with ezCater match. - Health/dental/FSA, long-term disability insurance. - Mental health and family planning resources. - Remote-hybrid work from our awesome Boston office OR your home OR a mixture of both home and office. - A tremendous amount of responsibility and autonomy. - Wicked awesome co-workers, Relish (and many more goodies) when you’re in our office. - Knowing that you helped transform the food for work space. Company Description ezCater is the leading food for work technology company in the US, connecting anyone who needs food for their workplace to over 100,000 restaurants nationwide. For workplaces, ezCater provides flexible and scalable solutions for everything from recurring employee meals to one-off meetings, all backed by 24/7 customer service with real humans. ezCater also enables companies to manage their food spend in a single, customizable platform. For restaurant partners, ezCater helps them grow their business by bringing them more orders and new high-value customers. We're backed by top investors including Insight, Iconiq, Lightspeed, GIC, SoftBank, and Quadrille.

• Own the product security vision, ensuring security and trust are core to every stage of the product lifecycle. • Design and implement platform-wide security features, including Sybil resistance, bot detection, reputation systems, and anti-abuse primitives. • Lead threat modeling and security architecture reviews for new and existing product features. • Collaborate with infrastructure and product engineering to design secure APIs, data flows, and identity systems that scale. • Improve developer velocity by creating secure-by-default frameworks and tooling for internal teams. • Partner with incident response to quickly assess, contain, and remediate security events, and lead deep postmortems to improve defenses. • Stay ahead of the curve by monitoring emerging attack techniques and applying cutting-edge security research to our platform. • Mentor engineers across the company on secure coding practices, architecture trade-offs, and operational security.

• Utilizes technical expertise and industry best practices to implement physical security technology solutions that address the organization's unique security requirements. • Configures and maintains physical security software, applications, and other physical security tools, to protect the organization's assets. • Provides input on the architecture and engineering of new and existing physical security applications, including evaluating technical designs. • Develops detailed plans for implementing selected physical security solutions, including hardware, software, configuration parameters, and test plans. • Troubleshoots physical security applications and server issues, ensuring timely resolution. • Supports the integration of infrastructure with physical security solutions, ensuring requirements are met. • Resolves security incidents promptly, troubleshoots technical issues, and determines root causes. • Provides technical guidance and support to other staff and end-users on physical security-related matters. • Supports physical security device inventory, lifecycle management, and configuration standards. • Assists in facilitating the Physical Security Break/Fix Program, tracking issues and status, prioritizing urgent issues, and documenting related processes. • Supports management with physical security system administration projects and initiatives from inception to completion. • Collaborates with Legal, Compliance teams and Cyber/IT, as needed, and coordinates the physical security technology component of internal and external audits to ensure physical security programs adhere to relevant laws, regulations, standards, and policies. • Evaluates new physical security threats, technology trends, and develops effective physical security technical controls. • Stays updated on industry and regulatory trends to maintain current knowledge. • Compiles reports, dashboards, or operational metrics to measure the effectiveness of the technical security program. • Communicates complex security concepts to non-technical stakeholders and provides clear and concise reports.

• Provide guidance for security architecture, engineering and support • Mentor other team members and act as subject matter expert in the realm of Information Security • Ensure remediation of security issues reported by our systems, other personnel or 3 party security scanning vendors • Roadmap security architecture up to 3 years into future • Determine protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately • Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's guidelines • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan • Monitor security systems to ensure security of our systems and data, looking for signs of anomaly or breach • Maintain documentation including security policy, standards, security monitoring system configuration, standard operating procedures (SOP) and other related information • Help engineer and configure key security controls such as firewalls, IDS, WAF, and other tools • Track and monitor compliance with security policy and best practices recommendations • Assist in development of new security policies and procedures • Assist with administration of security platforms (example: firewalls, proxies, active directory, vulnerability scanner, intrusion detection system, WAF) • Assist in coordinating special projects including network and desktop related efforts • Research, evaluate and recommend hardware/software purchases • Proactive monitoring of network/internet security systems • Analyze and troubleshoot security related issues • Provide expertise during incident response or forensic investigations • Keep current and continuous learning via vendor and trade opportunities