Wave Life Sciences logo

IT Cybersecurity Co-op (Fall 2026)

Wave Life Sciences
5 hours ago
On-site
Lexington, MA
IT

Role Summary

Cybersecurity Co-op to join the IT Security team for a six-month full-time assignment. You will gain hands-on experience across multiple areas of enterprise cybersecurity, including threat monitoring, vulnerability management, identity and access initiatives, third-party risk assessments, AI/ML security, policy and compliance, and security awareness programs. Work closely with security engineers and IT leaders to develop technical and analytical skills and contribute to the protection of Waveโ€™s systems, data, and people.

Responsibilities

  • Assist in Threat Monitoring, Response, and Security Tools Integration
    • Support the Security Operations Center (SOC) by monitoring alerts from CrowdStrike and other security platforms, investigating suspicious activity, and escalating incidents following defined playbooks.
    • Learn how to perform initial triage and enrichment of security events, document findings, and contribute to root-cause analyses.
    • Identify integration and ingestion points for security tools, focusing on improving telemetry and automation within the CrowdStrike platform and related systems.
  • Vulnerability Management
    • Assist in scheduling, running, and reviewing vulnerability scans across endpoints, servers, cloud environments, and network infrastructure.
    • Track remediation efforts in collaboration with IT operations teams, ensuring patches and fixes are applied in a timely manner.
    • Help maintain reporting dashboards to communicate remediation progress, trends, and compliance against defined SLAs.
  • Support Zero Trust and Identity Initiatives
    • Participate in projects to advance Waveโ€™s Zero Trust strategy, including implementation of passwordless authentication methods and biometric access controls.
    • Assist in reviewing role-based access control (RBAC) configurations to ensure least-privilege principles are consistently applied.
    • Contribute to documentation and testing for new identity governance initiatives, including access recertification and MFA expansion.
  • Third-Party Risk Assessment
    • Support the evaluation of IT vendors and managed service providers (MSPs) by gathering documentation, reviewing security questionnaires, and scoring vendor cybersecurity posture.
    • Help maintain third-party risk registers, coordinate remediation plans with vendor contacts, and track progress against action items.
    • Learn how to leverage tools to expand third-party risk insights and reporting.
  • AI and ML Risk Support
    • Contribute to cyber-AI risk assessments, focusing on the security and governance of open-source machine learning tools and large language model (LLM) integrations.
    • Assist in documenting risks related to data privacy, model security, and supply-chain vulnerabilities.
    • Support the development of mitigation strategies and tracking of open AI-related risks.
  • Policy and Compliance Support
    • Assist in reviewing, updating, and publishing cybersecurity policies and procedures to ensure alignment with evolving best practices and regulatory requirements.
    • Help manage the Written Information Security Program (WISP) and related documentation.
    • Support mock assessments and evidence collection for frameworks such as ISO 27001 and NIST CSF to prepare for external audits.
  • Security Awareness and Training
    • Assist in designing, executing, and analyzing phishing simulations and security awareness campaigns.
    • Help deliver cybersecurity training sessions, gather feedback, and identify opportunities for improvement.
    • Contribute to the development of shorter, focused training modules to increase employee engagement and knowledge retention.

Qualifications

  • Required: Enrolled in a Computer Science or related bachelorโ€™s degree program at an accredited college/university.
  • Required: GPA of 3.0 or higher.
  • Required: Strong Windows OS background.
  • Required: Strong written and verbal communication skills.
  • Required: Must be well-organized and able to work in a team environment.
  • Required: Ability to manage responsibilities in a fast-paced environment.
  • Required: Able to take direction needed to resolve incidents quickly and effectively.
  • Required: Able to complete routine tasks independently over time, gaining functional, technical, and problem-solving skills needed to complete assignments.
  • Preferred: None specified beyond stated GPA.

Skills

  • Cybersecurity fundamentals
  • Threat monitoring and incident response
  • Vulnerability assessment and remediation
  • Identity and access management concepts
  • Zero Trust concepts
  • Vendor risk management
  • AI/ML security considerations
  • Policy, compliance, and audit readiness
  • Security awareness and training design

Education

  • Bachelorโ€™s degree in Computer Science or related field (in progress)

Additional Requirements

  • None listed beyond role-specific qualifications.