Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges-and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day-working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.
MITRE's Electronic Systems Security department is seeking a Cybersecurity Compliance Intern with foundational CMMC experience to support our compliance program and help stand up/maintain a secure, consistent Long-Term Support (LTS) environment for endpoints and servers. This internship is ideal for a student who has hands-on exposure to CMMC/NIST 800-171 concepts and wants real-world experience implementing controls, documenting evidence, and improving system configuration and patching practices.
Roles & Responsibilities:- Assist with maintaining and updating compliance documentation (e.g., SSP, POA&M, network/service inventories, asset inventories)
- Assist with configuring patching and update workflows consistent with an LTS approach (e.g., update rings, maintenance windows, rollback planning).
- Help implement and validate hardening baselines (e.g., CIS-aligned settings where applicable), local firewall rules, and least-privilege configuration.
- Assist with endpoint inventory and service/port inventory (what listens where, how it's accessed, and what controls are in place).
- Document procedures/runbooks for routine operations (patching, account provisioning, backup checks, log review).
- Help verify logging sources are enabled and forwarding properly (Windows Event Logs, Linux syslog/journald, SSH logs, application logs).
- Assist with basic alert tuning or dashboarding in [MITRE's SIEM/EDR/tooling] under supervision.
- Help collect and organize compliance evidence (screenshots, config exports, policy acknowledgements, logs) in a structured repository
- Support scoping activities: identifying in-scope systems, applications, accounts, and data flows involving CUI
- Participate in basic control implementation tasks aligned to NIST 800-171/CMMC Level 2 (e.g., access control, audit/logging, configuration management)
- Assist with configuring patching and update workflows consistent with an LTS approach (e.g., update rings, maintenance windows, rollback planning)
- Help implement and validate hardening baselines (e.g., CIS-aligned settings where applicable), local firewall rules, and least-privilege configuration
Basic Qualifications:- Currently enrolled in (or recently completed) a cybersecurity program or related field
- Familiarity with CMMC concepts and/or NIST SP 800-171 (coursework, labs, internship, or prior job exposure)
- Basic competency with Windows administration and/or Linux fundamentals (accounts, services, permissions, logs)
- Comfort using command-line tools and troubleshooting (PowerShell and/or Bash)
- Strong documentation habits: can write clear steps, capture evidence, and keep organized records
- Ability to handle sensitive information appropriately and follow security procedures
- Basic understanding of networking (ports, protocols, SSH tunneling, segmentation)
- Effective oral and written communication skills
Preferred Qualifications: - Exposure to any of: SSP/POA&M work, evidence collection, asset inventories, or audit prep
- Familiarity with endpoint management/patching tools (e.g., Intune, WSUS, SCCM, JAMF, apt/yum/dnf workflows)
- Familiarity with hardening guidance (CIS Benchmarks, STIG concepts) and basic firewall configuration
- Experience with Git, ticketing systems (Jira/ServiceNow), or documentation tools (Confluence/SharePoint)
- Basic understanding of networking (ports, protocols, SSH tunneling, segmentation)
- Must be eligible for a security clearance
This requisition requires the candidate to have a minimum of the following clearance(s):Not Applicable
This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):Not Applicable
Salary compensation range and midpoint:$54,500 - $68,000 - $81,500 Annual
Work Location Type:Hybrid
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Commitment to Non-DiscriminationAll qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.
MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please email for general support and for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.
Benefits information may be found here.
Copyright 1997-2026, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.
Never miss an opportunity! Create an alert based on the job you applied for.
