Singapore's largest omnichannel media network, bringing you trusted news and lifestyle content across print, digital, radio and outdoor media.
About the Role
We are seeking a motivated and curious Security Operations Intern to assist our team in researching emerging threats, supporting incident response, testing and reviewing security tools, and building insightful visualizations of security data.
This internship offers hands-on experience in modern cybersecurity operations, providing a unique opportunity to learn how real-world defenses are built, tested, and improved.
Key Responsibilities
1. Threat Research & Intelligence
Monitor and analyze threat feeds, dark web sources, and open-source intelligence (OSINT).
Support development of threat profiles and adversary TTP mappings (MITRE ATT&CK).
Assist in writing threat briefs, IOC summaries, and trend reports.
Experiment with automation tools for threat enrichment and correlation.
2. Incident Response (IR) Support
Help collect, organize, and document evidence during simulated and real incidents.
Participate in post-incident reviews, summarizing attack chains and lessons learned.
Work with SIEM/SOAR tools (e.g., Splunk, Sentinel, Elastic, Cortex XSOAR) to triage alerts.
3. Breach & Attack Simulation (BAS)
Design and execute controlled attack simulations using frameworks like Atomic Red Team, CALDERA, or Infection Monkey.
Compare simulation outcomes against detection rules and suggest tuning improvements.
Document detection gaps and propose new detection logic (Sigma, KQL, etc.).
4. Security Tool Review
Test and evaluate security platforms (EDR, NDR, threat intel, vulnerability scanners).
Create comparison matrices and feature summaries to aid procurement or optimization.
Report findings on usability, detection coverage, and integration potential.
5. Visualization & Reporting
Develop dashboards and visualizations (using Power BI, Kibana, Grafana, or Python) for threat trends, incident metrics, and simulation results.
Create visual storyboards to communicate complex security findings clearly to non-technical audiences.
Required:
Strong passion for cybersecurity, curiosity, and analytical thinking.
Familiarity with networking fundamentals, Windows/Linux OS internals, and common attack techniques.
Basic understanding of SIEMs, EDR tools, or threat intelligence concepts.
Comfortable using scripting languages (e.g., Python, PowerShell, Bash).
Good communication and documentation skills.
Preferred (nice-to-have):
Exposure to MITRE ATT&CK, Sigma rules, or YARA rules.
Experience with packet analysis (Wireshark) or log parsing (ELK/Splunk).
Knowledge of visualization tools (Tableau, Power BI, Kibana, etc.).
Coursework or labs in digital forensics, malware analysis, or SOC operations.
Kindly note that only shortlisted candidates will be notified.
Related Job Searches:
- Company: SPH Media Limited
- Designation: Security Operations Intern
- Profession: IT / Information Technology
- Industry: Computer and IT
- Location: Toa Payoh
