Senior Threat Hunter

Threat Intelligence Specialist | Security Analyst | Full Time | Remote | Senior | Team 10,001+ | Since 1931 | H1B Sponsor

Location

United States

Posted

39 days ago

Salary

$100K - $170K / year

Seniority

Senior

Job Description

Senior Threat Hunter

Allstate

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.

Job Description

We are seeking an experienced Senior Threat Hunter to perform intelligence-driven network defense supporting the monitoring and incident response capabilities, and to advise governance, technical, and business leadership on results, vulnerabilities, and solutions to mitigate them. The role will involve analysis of large amounts of data from vendors and internal sources, including various indicator feeds, SIEM, and several threat intelligence tools. This individual will perform the functions of threat operations and hunting, serve as a liaison for Threat Services for the Cyber Operations organization, and mentor the incident handling, incident response, and forensics teams.

Key Responsibilities
- Design and run custom analysis models on security event information to discover active threats.
- Identify (hunting) security nuances and abnormalities in the environment.
- Develop use cases and actionable content to identify security issues that are currently not alerted within the environment.
- Lead projects and assignments.
- Provide custom tool design to assist in analysis and investigations.
- Perform as an Information Security resource in three or more of the following areas:
  - Threat Intelligence
  - Incident Response
  - Log analysis (statistical modeling, correlation, pattern recognition, etc.)
  - Microsoft platform (Server, workstation, applications)
  - Open Systems platforms (Linux, UNIX, VMware ESX, Nutanix)
  - Web Application
  - Networking (firewalls, IDS/IPS, packet capture)
  - Databases (Oracle, SQL Server, DB2, IMS)
  - SIEM
  - Reverse Engineering / Malware analysis
- Collaborate with and support teammates and outside teams with regard to threat hunting techniques/issues.
- Communicate and build rapport with other divisions and various peers.
- Identify needs, drive solutions, and provide guidance in an autonomous manner.
- Automate repetitive tasks via scripting in languages such as Python, PowerShell, and Bash as business needs require.

Job Qualifications
- 5+ years overall technical experience in threat hunting, threat intelligence, incident response, security operations, or a related information security field.
- Demonstrable work experience automating repetitive tasks via scripting in languages such as Python, PowerShell, and Bash.
- 2+ years’ experience in penetration testing, ethical hacking, exploit writing, and/or vulnerability management.
- Bachelor's and/or Master’s Degree in IT Security, Engineering, Computer Science, or related field/experience.
- Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, and HTTP.
- Advanced experience with security operations tools, including but not limited to:
  - SIEM (e.g., Splunk, ArcSight)
  - Network analysis (e.g., NetWitness, Palo Alto)
  - Signature development/management (e.g., Splunk rules, Snort rules, YARA rules)
  - EDR solutions (e.g., CrowdStrike, Tanium, Defender)
- Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.).
- Excellent analytical and problem-solving skills, with a passion for research and puzzle-solving.
- Strong communication (oral, written, presentation), interpersonal and consultative skills.
- Leadership and mentorship skills.

Additional Desirable Criteria
- Experience hunting in AWS and/or Azure environments.
- Deep understanding of large, complex corporate network environments.
- Strong knowledge or experience in penetration testing, ethical hacking, exploit writing, and/or vulnerability management.
- Knowledge or experience in application design/engineering, including but not limited to Windows/Linux system administration, RDBMS/NoSQL database administration, etc.
- Recent experience with malware analysis and reverse engineering.
- Certifications in several of the following: SANS GIAC courses, CEH, CISSP, OSCP, or tool-specific certifications.

Skills

Cyber Incident Response, Cybersecurity Operations, Cyber Threat Hunting, Cyber Threat Intelligence, Cyber Threat Modeling, Endpoint Detection and Response (EDR), IT Problem Solving, IT Security Operations, Penetration Testing, Scripting, Security Incident Response, Security Information and Event Management (SIEM), Stakeholder Management

Compensation

Compensation offered for this role is 100,000.00 - 170,500.00 annually and is based on experience and qualifications. The candidate(s) offered this position will be required to submit to a background investigation.

Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against the public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance. For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs. To view the FMLA poster, click “here”. This poster summarizes the major provisions of the Family and Medical Leave Act (FMLA) and tells employees how to file a complaint.

It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (including traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.

Related Job Pages

More Threat Intelligence Specialist Jobs

Full Time | Remote | Team 51-200 | H1B No Sponsor

About Our Internship Program

Our summer internship program offers emerging cybersecurity professionals a unique opportunity to gain hands-on experience in threat hunting. As a Threat Hunting intern, you’ll be fully embedded within a team for 12 weeks, working alongside experienced hunters on actual investigations, learning the craft from the inside, and building skills that directly reflect what the industry demands.

What We Offer
• Customized Experience: We match qualified interns with projects and teams based on their interests and skill sets
• Real-World Hunts: Contribute meaningfully to live threat hunting operations, not simulated exercises
• Dedicated Mentorship: Receive one-on-one guidance from experienced senior threat hunters
• Full Team Integration: Experience what it is truly like to work in a mature security team by becoming a valued contributor from day one

The Role

You will be joining a threat hunting team focused on hypothesis-driven detection of adversary activity across client environments. The team’s mission is to surface what automated tools miss: the subtle, low-and-slow behaviors that signal a determined attacker. As an intern, you will support senior hunters across every phase of the hunt lifecycle, learning by doing and contributing real work to ongoing investigations.

As a Threat Hunting Intern, you’ll:
• Support senior threat hunters in executing structured hunt missions from initial hypothesis through to final reporting, participating in every phase of the process
• Conduct searches and queries across SIEM and EDR platforms to surface anomalous behaviors and gather evidence to validate or refute active hunt hypotheses
• Assist in organizing and maintaining hunt hypothesis logs, tracking the reasoning behind each hypothesis, the data sources queried, and the outcomes as hunts progress
• Validate hunt results by cross-referencing detections against environmental baselines, threat intelligence, and known-good behavior, distinguishing true positives from noise and documenting your reasoning clearly
• Contribute to the drafting of final hunt reports, helping to summarize methodology, findings, and recommendations in a format suitable for both technical team members and non-technical readers
• Communicate the results of completed hunts internally, presenting findings in written summaries, team updates, or channel posts with appropriate technical clarity
• Assist senior hunters in refining and testing detection queries, helping to identify edge cases, validate logic against real data, and suggest improvements based on observed patterns
• Support triage and contextualization of security findings that surface during hunt operations, helping to prioritize and document what matters
• Contribute to team knowledge resources by helping document search patterns, field references, hunt playbooks, and lessons learned from completed hunts
• Stay current on emerging threats and adversary techniques, bringing relevant threat intelligence into hypothesis discussions and helping connect external context to active hunt priorities

Qualifications
• Currently pursuing a degree in Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent demonstrated experience through self-study, competitions, or independent work
• Demonstrated interest in cybersecurity evidenced through personal projects, CTF participation, home labs, coursework, or active engagement with the security community
• Foundational understanding of networking concepts including TCP/IP, DNS, and common protocols, with an ability to recognize when traffic or behavior looks out of place
• Basic familiarity with Windows and/or Linux operating systems: understanding of processes, file systems, and logs at a level that supports security investigation
• Some exposure to query languages such as KQL, SPL, SQL, or similar; comfort writing structured searches to filter and investigate data is a strong advantage
• Awareness of attacker tactics, techniques, and procedures (TTPs) and familiarity with frameworks such as MITRE ATT&CK at a conceptual level
• Strong written communication skills, as you will be contributing to internal findings summaries and hunt reports read by experienced practitioners
• Detail-oriented and curious working style: the ability to follow evidence methodically, ask the next question, and challenge initial assumptions is central to this work
• Comfortable working under the direction of senior team members, asking questions, communicating findings proactively, and flagging blockers early
• Any prior exposure to security tooling such as a SIEM, EDR, or log analysis platform is a plus, but not required; we will teach you what you need

Program Details
Duration: 12 weeks
Location: Remote
Reports to: Senior Threat Hunter

United States

Insider Threat Investigator

Honeywell Aerospace

Honeywell Aerospace products and services are used on virtually every commercial, defense, and space aircraft. We build aircraft engines, cockpit and cabin electronics, wireless connectivity systems, mechanical components. Our hardware and software solutions help create more fuel-efficient aircraft, more direct and on-time flights and safer skies. Safer, More Fuel-Efficient Flying and Innovations for the Future of Aviation.

Full Time | Remote | Team 10,001

As an Insider Threat Investigator here at Honeywell, you will play a crucial role in identifying, investigating, and mitigating insider threats within the organization. Your expertise will help safeguard our assets and ensure a secure working environment for all employees. You will report directly to our Insider Threat Security Manager, and you’ll work out of our Phoenix, Arizona location or in a remote capacity. In this role, you will impact the overall security posture of Honeywell by proactively identifying potential risks and implementing strategies to mitigate them, ensuring the safety and integrity of our operations.

United States

Wayfinder Threat Hunting Intern

SentinelOne

Secure your enterprise with the autonomous cybersecurity platform. Endpoint. Cloud. Identity. XDR. Now.

Internship | Remote | Team 1,001-5,000 | Since 2013 | H1B Sponsor

Role Description

As a Wayfinder Threat Hunting Intern, you will support senior threat hunters in delivering SentinelOne’s proactive threat hunting services across commercial and FedRAMP-authorized environments. You’ll help research emerging threats, assist with building and testing hunt queries, and learn how we convert intelligence and hypotheses into high-fidelity detections, Flash Reports, and client-ready insights.

What Will You Do?
- Assist with threat hunting and hunt content:
  - Help senior hunters design and refine hypothesis-driven hunts and reusable rules aligned with the MITRE ATT&CK framework, with a strong emphasis on EDR telemetry across Windows, macOS, and Linux.
  - Support execution of proactive hunts across endpoints and related telemetry to uncover living-off-the-land techniques, stealthy persistence, and other advanced adversary behavior.
- Support emerging threat response and periodic hunts:
  - Contribute to research on emerging threats (e.g., major zero-days or KEVs), helping senior hunters map relevant TTPs and draft focused hunt logic and validation steps.
  - Assist with preparing and running Emerging Threat and hypothesis-based campaigns across client environments using various workflows.
- IOC lifecycle and Synapse operations:
  - Curate and operationalize relevant IOCs/TTPs from CTI, Labs research, and OSINT into hunts and, when appropriate, convert those into platform detections.
  - Support efforts to identify coverage gaps and propose additions or exclusions based on hunt results and analyst feedback.
- Triage, analysis, and collaboration:
  - Review batched hunt findings with related tools, assisting senior hunters with initial triage, enrichment, and classification (benign, suspicious, threat) under guidance.
  - Partner with various supporting teams to share observations about hunt findings, potential tuning opportunities, and candidate rules for platform detections.
- Documentation, reporting, and enablement:
  - Document investigative hypotheses, methodology, and findings within internal knowledge bases and project management platforms to ensure team-wide alignment and continuous improvement.
  - Assist in drafting technical summaries and reports that detail notable threats, including scope, impact, and recommended mitigations, under the mentorship of senior analysts.
  - Help maintain and update team playbooks and standard operating procedures (SOPs) to reflect new findings and streamlined workflows.

Qualifications
- Strong written and verbal communication skills, with the ability to clearly document analysis, summarize findings, and collaborate with distributed teams across MDR, IRR, Detection Engineering, and Threat Intelligence.
- Progress toward a degree in Computer Science, Cybersecurity, Information Security, or a related technical field, or equivalent practical experience.
- Foundational experience with security operations concepts, such as familiarity with EDR/XDR or SIEM tooling, basic SOC workflows, or prior lab/internship experience in threat hunting, incident response, or security analysis.
- Comfort working with EDR-style telemetry (process, file, network, and persistence data) and an interest in learning how to turn that telemetry into effective hunts and detections.
- Basic proficiency with at least one scripting or query language (such as Python, PowerShell, Bash, SQL, or a log query language), and an interest in using code and queries to test hypotheses and analyze large datasets.
- Exposure to MITRE ATT&CK or similar frameworks, and curiosity about adversary TTPs, campaign tracking, and how CTI (threat intelligence) is operationalized into hunts.
- A growth mindset, strong attention to detail, and a willingness to work within structured processes (including FedRAMP-aligned procedures) while still thinking creatively about new hunt ideas and improvements.

Benefits
- 1:1 mentorship
- The opportunity to expand your knowledge and work on challenging projects
- Training and development opportunities
- Connections to other recent grads and employees across the company
- Leadership speaker series where you can learn about other areas of the business and ask questions of the senior leadership team and industry experts
- Fun events!

Company Description

SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. Our AI-native platform unifies protection across endpoint, cloud, identity, data, and AI systems to deliver autonomous detection and response with clarity and speed.

United States
$25 / hour

Senior Cyber Threat Analyst

DFIN - Donnelley Financial Solutions

A leading provider of risk and compliance solutions, DFIN - Donnelley Financial Solutions offers data insights, industry expertise, and insightful technology to help clients make s

Full Time | Remote | Team 1,750 | Since 2016

Join a dynamic team at the pulse of global markets, where we deliver innovative software and service solutions for essential financial reporting and capital markets transactions. At DFIN, we are a values-driven organization that empowers you to build a fulfilling career while bringing your authentic self to work every day. Our "Win as One" mentality ensures that our team's success is directly linked to Client, Shareholder and Employee Satisfaction. Recognized as one of AMERICA'S MOST LOVED WORKPLACES® for five consecutive years and a Built In Best Places to Work for six years, we are committed to our employees' total well-being. Enjoy competitive compensation, a flexible workplace, comprehensive benefits, and opportunities for professional growth. Bring your passion and talents to DFIN - because being YOU thrives here.

Summary:

The Senior Cyber Threat Analyst will lead efforts to investigate cybersecurity incidents from end to end, engaging and coordinating peer teams, stakeholders, and external entities as necessary. This person will play the role of subject matter expert in the areas of incident response, threat hunting, and forensics. The Senior Cyber Threat Analyst will author incident response runbooks and mentor cyber threat analysts in incident response and digital forensics methodologies.

Responsibilities:
- Lead incident response activities to identify, assess, contain, and mitigate all observed threats, and document all investigational efforts for multiple audiences
- Develop and operationalize incident response runbooks with an emphasis on automation and the ability to measure incident response effectiveness (develop/track KPIs)
- Document and track incident response investigations, including observed IOCs and TTPs, system(s) impacted, criticality and scope of any data exposure, lessons learned, and follow-up items
- Act as a liaison between a diverse group of teams including engineering, security, and network & system operations to ensure effective adoption of incident response requirements and operational considerations
- Act as incident manager for all declared cyber security incidents
- Conduct traditional forensic and data acquisition activities utilizing industry standard commercial and open-source toolsets
- Identify, analyze, and interpret trends or patterns in complex data sets
- Work with the functional business areas as needed during incident response investigations
- Develop, customize, and maintain reporting around key metrics related to investigational and threat hunting activities
- Serve as a trusted advisor to the team Lead, Manager, SVP, and CISO on sensitive matters warranting confidentiality
- Communicate and present issues/investigation results to peer and executive-level audiences
- Demonstrate subject matter expertise across most technology domains

Qualifications:
- Extensive cybersecurity experience, including 8+ years in investigations and incident response, supported by a bachelor's degree or equivalent demonstrated expertise.
- Deep hands-on expertise in incident response, computer forensics, malware analysis, network traffic analysis, and log analysis.
- Strong capability in security operations, including the use of SIEM, SOAR, and EDR platforms, threat intelligence, and frameworks such as MITRE ATT&CK and ATLAS.
- Broad technical knowledge across operating systems (Windows, macOS, Linux/Unix, mobile), modern cloud environments (SaaS, PaaS), and core security technologies such as firewalls and intrusion detection systems.
- Strong analytical, risk-assessment, and communication skills, with the ability to operate effectively in high-stress environments, clearly communicate with engineers and leadership, and handle sensitive information in accordance with defined processes.

It is the policy of Donnelley Financial Solutions to select, place, and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran status, actual or perceived sexual orientation, genetic information or any other protected status. If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access jobs.dfinsolutions.com as a result of your disability. You can request a reasonable accommodation by sending an email to talentacquisition@dfinsolutions.com.

At DFIN, protecting your identity is a top priority. Please be aware of scammers impersonating DFIN recruiters. DFIN recruiters will never request personal information via email or text. You will only receive a text from us if you've already been in contact. All automated messages will come from talentacquisition@dfinsolutions.com. If you ever have doubts about the legitimacy of any communication from us, please do not hesitate to reach out for verification via talentacquisition@dfinsolutions.com (this email is for general TA questions and is not used for updates on your application status).

United States