We are looking for a technical intern to help us audit and fortify our AWS environment. While many tools provide high-level dashboards, we need a "ground-truth" assessment driven by custom automation. Your goal is to build a suite of CLI-driven scripts that programmatically identify resiliency gaps and security misconfigurations across our application stacks.

You will act as a "Cloud Detective," mapping the dependencies of our critical applications and ensuring every underlying resource—from S3 buckets to IAM roles—meets our gold standard for resilience and least-privilege security.

 

Key Responsibilities

• Automated Resource Querying: Develop and execute scripts (AWS CLI, Boto3/Python, or similar) to pull real-time configuration data from our AWS environment.

• Dependency Mapping: Associate cloud resources (EC2, RDS, Lambda, etc.) with specific business applications to create a "Resiliency Map."

• Resiliency Auditing: Identify single points of failure, such ast S3 buckets lacking versioning, cross-region replication, or appropriate lifecycle policies.

• Security Configuration Review: Scan for "Star Principals" ("Principal": "*") in Resource-Based Policies and overly permissive IAM roles that violate the principle of least privilege.

• Health Metric Generation: Aggregate raw CLI output into structured health metrics (JSON/CSV) that can be used to track remediation progress.

The Deliverable

The primary output of this internship is the AWS Resilience & Security Audit Toolkit. This toolkit must include:

1. A Library of Query Scripts: Documented CLI/Python scripts capable of auditing specific domains (Storage, Identity, Compute).

2. The Application Dependency Matrix: A report mapping at least three core internal applications to their full AWS resource stack.

3. Gap Analysis & Remediation Guide: A list of "Critical vs. Warning" findings based on AWS Well-Architected Framework best practices.

4. Security "Hot-Spot" Report: A specific focus on IAM/Resource policies that allow unauthorized public access or lateral movement.

Examples of Technical Tasks

• S3 Resilience Check: Query all buckets to find any where VersioningConfiguration is disabled and  ReplicationConfiguration is missing for production-tagged data.

• IAM Policy Scraper: Identify all S3 bucket policies or SQS queue policies containing an Effect: Allow combined with a wildcard Principal.

• Orphaned Resource Search: Identify EBS volumes or Elastic IPs that are unattached but still incurring costs and posing a management risk.

• Currently pursuing a degree in Computer Science, Cloud Computing, or Cyber Engineering.

• Strong familiarity with the Linux command line and at least one scripting language.

• Cloud Knowledge: Basic understanding of AWS core services (S3, IAM, EC2, VPC). Experience with the AWS CLI is a significant plus.

• Conceptual Depth: Understanding of the "Blast Radius" concept and why "Star Principals" are a critical security risk.

Enabling your best to power a better media future.

Holistic Rewards: We are committed to an inclusive benefits package that supports our employees and their families. This includes comprehensive health and wellness plans, a 401(k) with a Nielsen company match, and a generous paid time off policy. Depending on the role, additional benefits may include a company-provided vehicle and/or discretionary incentive/bonus eligibility.

Compensation Transparency: The posted base salary range is a reasonable estimate that  may be adjusted based on the final work location of the selected employee. Individual pay within the range is determined by factors such as experience, training, geography, certifications, and business needs. Beyond base salary, this role may be eligible for bonuses, equity, or other incentives.

Nielsen makes hiring decisions without regard to disability status, protected veteran status, or membership in any other protected class.

Please be aware that job-seekers may be at risk of targeting by scammers seeking personal data or money. Nielsen recruiters will only contact you through official job boards, LinkedIn, or email with a nielsen.com domain. Be cautious of any outreach claiming to be from Nielsen via other messaging platforms or personal email addresses. Always verify that email communications come from an @nielsen.com address. If you're unsure about the authenticity of a job offer or communication, please contact Nielsen directly through our official website or verified social media channels.