Intern - Security Analyst

IT Security / Hybrid / Fall 2025 Internship / Full-time / Quebec / Montreal

Our information security protection and analysis team is currently looking for a Security Analyst (Intern) to join its team.

Specific Responsibilities

In the context of operational security:

• Support development teams in integrating AppSec tools.
• Maintain and automate security analysis tools (AST).
• Participate in the implementation of AppSec tools in CI/CD pipelines.
• Contribute to the maintenance of security infrastructure.
• Use automated tools to detect vulnerabilities.
• Participate in the continuous improvement of cybersecurity practices.
• Conduct investigations, including on compromise vectors, through security logs and various protection and detection tools and equipment.
• Perform required analyses and recommend corrective measures to be implemented.
• Collaborate in the implementation of activities aimed at ensuring and improving the overall health of IT services and processes.

In the context of projects:

• Advise IT delivery teams in defining their objectives and the scope of their projects in terms of information security.

• Identify security requirements according to the project context, ensuring alignment with the information security normative framework.
• Identify and categorize informational assets in accordance with the organizational risk appetite of IT asset owners.
• Identify and assess risk scenarios to mitigate residual risks, then present them to asset owners with a concrete action plan.
• Model and detail access by defining roles, user groups, and their relationships.

Desired profile:

• Currently studying for a bachelor's or a college degree in computer science, business administration (IT focus), or any related field.
• Must complete a university-accredited internship in fall 2025.
• Be familiar with the software development lifecycle (SDLC), DevOps, ITIL.
• Possess a good understanding of regulatory requirements associated with affected business domains, applicable industry frameworks (NIST, ISO 27001, etc.) to be able to apply best practices in information security.
• Basic Knowledge: 
  • Encryption tools
  • Static (SAST) and dynamic (DAST) analysis
  • Software composition analysis (SCA)
  • Container image analysis
  • Automation and scripting (Python, Bash, PowerShell)
• Familiarity with:
  • OWASP Top 10
  • Web development (JavaScript/TypeScript)
  • Software development (.NET, Java)
  • Databases (SQL, NoSQL)
  • Git (version control)
  • DevOps tools (CI/CD, pipelines)
  • Test-driven development (TDD)
  • Agile methodologies
  • AppSec tools (SCA, SAST, image scanning, etc.)
  • Threat modeling

Does this job description sound like you? Don't wait any longer, apply now!