Information Security Co-op
About the role
Citrine Technologies is seeking an Information Security Co-op student who is interested in developing practical experience across cybersecurity operations, governance, risk and client service delivery.
Working with members of the Citrine team, you will support security assessments, documentation, monitoring activities, vulnerability-management processes and the implementation of practical security improvements for client environments.
This role is designed for a student who wants exposure to the way cybersecurity is applied in real organizations—not only through tools, but through risk analysis, governance, communication and disciplined execution.
Key responsibilities
- Support information-security assessments and document identified risks, gaps and recommended actions.
- Assist with vulnerability-management activities, including reviewing findings, organizing remediation actions and tracking status.
- Support security monitoring and alert-review processes under the direction of experienced team members.
- Assist with Microsoft 365 and endpoint-security reviews, including identity, access, device and configuration controls.
- Contribute to the development and maintenance of security policies, procedures, standards and client documentation.
- Support third-party and vendor-risk reviews by gathering evidence and documenting security observations.
- Assist with cybersecurity awareness materials, client communications and internal knowledge resources.
- Perform research on emerging threats, technologies, regulatory requirements and security best practices.
- Maintain accurate working papers, action trackers and evidence for assigned activities.
- Participate in team meetings and communicate progress, questions and risks clearly.
What you will learn
- How managed cybersecurity services are delivered to small and mid-sized organizations.
- How technical findings are translated into business risk and practical remediation priorities.
- How security controls are assessed across identity, endpoints, Microsoft 365, cloud services and vendors.
- How governance, policy, documentation and evidence support an effective cybersecurity program.
- How to communicate security observations clearly to both technical and non-technical stakeholders.
Required qualifications
- Currently enrolled in a recognized post-secondary program in cybersecurity, information technology, computer science, information systems or a related discipline.
- Eligible to complete a formal co-op or internship work term through the academic institution.
- Foundational understanding of cybersecurity concepts such as access control, vulnerability management, endpoint security, networking and data protection.
- Strong written communication, attention to detail and willingness to maintain accurate documentation.
- Ability to organize tasks, follow defined procedures and ask questions when requirements are unclear.
- Professional judgement and respect for confidential client and company information.
- Ability to work independently while collaborating effectively with a small, growing team.
Preferred qualifications
- Coursework, projects or labs involving Microsoft 365, Azure, networking, security operations, governance or risk management.
- Familiarity with security frameworks or standards such as NIST Cybersecurity Framework, CIS Controls or ISO/IEC 27001.
- Exposure to PowerShell, Python, Power Automate or another scripting and automation tool.
- Participation in cybersecurity clubs, competitions, personal labs, certifications or security-related volunteer work.
- Interest in combining technical cybersecurity work with governance, risk and client communication.
What success looks like
You complete assigned work accurately, maintain reliable documentation, communicate progress early and demonstrate increasing independence throughout the work term. You are curious, professional and able to connect technical observations to practical security outcomes.