About the Company

At Cactus Communications, we are dedicated to breaking down barriers between science and researchers. We operate as a science communication and technology company, specializing in the development of AI-powered products and solutions that enhance the funding, publication, communication, and discovery of research. At CACTUS, we foster an “accelerate from anywhere” culture that underpins our commitment to high performance and innovation. Flexibility is not merely a benefit; it is the cornerstone of our productivity. By empowering our teams to work when and where they are most effective, we ensure that innovation, drive, and excellence remain central to everything we do. Together, we Power research and Empower people.

Job Description

The DevOps team is seeking a motivated Information Security & Compliance Engineer Intern who will be primarily responsible for performing initial-level, regular information security audits. This role involves ensuring adherence to all relevant cybersecurity laws and regulations, and establishing and maintaining compliance standards across various web properties, business verticals, and internal teams. The successful candidate will be adept at managing multiple projects and tasks concurrently, demonstrating strong organizational skills and the ability to prioritize effectively. As an integral member of our DevOps team, the intern will work closely and collaboratively with the Editage, Researcher Life, Cactus Lab, Information Security Management System (ISMS), and Legal departments.

Responsibilities

• Administer and conduct regular reviews of access control mechanisms to safeguard sensitive data and systems.
• Perform periodic audits of database (DB), Virtual Private Network (VPN), Jira, Confluence, and Git repository permissions across all teams to identify and mitigate potential security risks.
• Manage the process of revoking access privileges for departing employees to maintain data confidentiality and integrity.
• Conduct regular assessments of implemented compliance measures to verify their effectiveness and identify areas for improvement.
• Execute User Acceptance Testing (UAT) for smaller-scale projects to ensure that security requirements are met during the development lifecycle.
• Proactively follow up on technology-related projects, providing regular status updates to stakeholders to ensure projects remain on track and potential roadblocks are addressed promptly.
• Conduct internal Vulnerability Assessment and Penetration Testing (VAPT) on company websites to identify and remediate security vulnerabilities.
• Perform regular reviews of existing security protocols to ensure they remain effective against evolving threats.
• Conduct periodic reviews of Data Privacy Impact Assessments (DPIAs) to evaluate the potential privacy risks associated with new or existing projects and systems.
• Respond to security questionnaires received from both potential and existing clients, providing accurate and comprehensive information about our security posture.
• Assist the Information Security Management System (ISMS) team in conducting ISO 27001 information security audits, ensuring alignment with industry best practices and regulatory requirements.

Qualifications

• Demonstrated understanding of fundamental Information Security Principles and concepts.
• Working knowledge of application security best practices and methodologies.
• Familiarity with the OWASP Top 10 Vulnerabilities and their potential impact on web applications.
• Proficiency in relevant technologies, including HTML, scripting languages (e.g., Python, JavaScript), SQL, and basic Unix commands.
• Understanding of fundamental networking concepts, including protocols (e.g., TCP/IP, DNS), ports, Transport Layer Security (TLS), HTTP, and HTTPS.
• Knowledge of Personal Data Privacy Laws and regulations, such as the General Data Protection Regulation (GDPR) and Privacy and Electronic Communications Regulations (PECR).
• Familiarity with security testing tools such as ZAP and BurpSuite is highly desirable.
• Basic understanding of Amazon Web Services (AWS) Cloud computing platform and its security features.
• A strong willingness to learn new technologies and efficiently complete assigned tasks.

Skills

ATS Keywords

Frequently Asked Questions

Other Information

CACTUS Communications operates as a remote-first organization, fostering a culture that supports accelerated productivity from any location. While the company embraces remote work, occasional travel to our Mumbai office may be required for specific business needs or participation in company-wide or team-based events.
Includes benefits applicable to roles located in the US, UK, Japan, China, and Korea.
Our hiring practices are firmly rooted in our commitment to providing equal opportunities to all individuals. We strive to cultivate an inclusive environment where every employee can thrive, develop their skills, and achieve their full potential. We celebrate the unique qualities of our team members and strictly prohibit discrimination of any kind, whether based on race, color, religion, gender identity, sexual orientation, age, marital status, disability, or any other characteristic protected by applicable law.

Tags