Cybersecurity Intern at Circular Action Alliance – Remote

Vision
The leading Producer Responsibility Organization implementing the circular economy through paper and packaging.

Mission
Circular Action Alliance (CAA) helps producers comply with Extended Producer Responsibility (EPR) laws, delivers harmonized best-in-class services, and works with governments, businesses, and communities to reduce waste and increase recycling.

Role Overview

The Cybersecurity Intern will support our small IT/security team in protecting staff, volunteers, and client data across our nonprofit systems and cloud services. This role is ideal for student or early-career professionals who want hands-on experience with Microsoft Defender, Cloudflare, 1Password, and security awareness platforms in a real production environment with limited budgets and high mission impact.

Key Responsibilities

• Monitor and triage security alerts from Microsoft Defender (endpoints, identity, and email) and escalate issues to the IT/security lead.
• Review Microsoft 365 and Azure AD sign-in logs and conditional access alerts for suspicious activity, such as impossible travel, risky sign-ins, and MFA failures.
• Assistwith managing Cloudflare security, including reviewing DNA and bot protection events
• Assistwith managing 1Password for teams, including onboarding and offboarding users,organizingvaults, reviewing access permissions, and encouraging strong password and passkey practices.
• Support phishing and security awareness programs using KnowBe4 to help develop campaigns, track outcomes, and prepare short training sessions and follow-up communications for staff.
• Assistwith vulnerability and configuration assessments on Windows endpoints and key SaaS services, documentingfindingsand tracking remediation efforts.
• Help respond to basic security incidents. Such as suspectedphishing, account compromise, or malware alerts, following documented playbooks and runbooks.
• Assistin documenting security procedures, checklists, and “how-to” guides designed for non-technical staff and volunteers.
• Participate in at least one focused project, such as improving 1Password usage, tightening M365 security baselines, or enhancing phishing simulations, thatalignwith both your interests and the organization’s needs.

Learning Outcomes

By the end of the internship, the intern will be able to:

• Explain and apply basic security principles in a nonprofit IT environment,includingprivilege, MFA, and secure password management.
• Use Microsoft Defender and related logs toidentifyand document common threats like phishing, malware, and suspicious sign-ins.
• Support the deployment and adoption of 1Password as an enterprise password manager to decrease password reuse and enhance credential hygiene.
• LearnhowCloudflare safeguards web asserts andidentifytypical DNS problems in real-world scenarios.
• Assistin planning and executing security awareness and phishing campaigns that promote culture change instead of assigning blame.

Skills & Competencies

Qualifications

• Currently pursuing anAssociate’s,Bachelor's,orMaster’sdegree in Cybersecurity, Information Technology, Computer Science, or a related field
• Engaging in equivalent self-directed learning such as certificates or bootcamps.
• Solid understanding of networking, operating systems (especially Windows), and key security concepts like MFA, phishing, and least privilege.
• Knowledge of Microsoft 365 and fundamental cloud concepts.
• Interest in learning enterprise tools like Microsoft Defender, Cloudflare, and 1Pasword (prior experience is a plus but notrequired)
• Strong communicationskills and patience when working with non-technical staff in a mission-driven environment.
• Proven reliability, confidentiality, and integrity in managing sensitive information.

Compensation & Other Information

• Location:Fully Remote
• PayRate: $25.00 per hour. Since this is a temporary position, it is not eligible for benefits
• This is a Part-Time Internship 20-25 hours per week
• Interns must have their own laptop and access to high-speed internet.
• Reports To:Jeff Gray, Director of IT Infrastructure & Cyber Security

Circular Action Alliance is an equal employment opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex (including pregnancy, childbirth, lactation, and related medical conditions), national origin, military or veteran status, sexual orientation, gender identity, age or any other category protected by applicable federal, state, or local law. If you require accommodation as part of the application process, please contact careers@circularaction.org.