Internship: Cyber Security

  • Internship, Short-term contract assignment
  • Posted on 30 July 2025
  • Save for later

Job Description

Traineeship framework and profile

ESMA is organising a general call for expression of interests for a traineeship position. The purpose of this vacancy notice is to establish a reserve list of suitable candidates for future traineeship positions that may become available throughout the year.

The traineeship programme aims to offer graduate and undergraduate students a unique, first- hand insight into the work of ESMA, enabling them to apply their academic knowledge and gain professional experience within the multicultural environment of an EU agency.

Our traineeships are usually a mix between project- based work and process based work. Like this, trainees get the opportunity to contribute to the projects of their team and ‘hands on experience’ from participating in a daily work of their teams.

ESMA offers a 6-month traineeship which can be extended to a maximum of 12 months.

All eligible applications will automatically constitute a reserve list valid for two years after the closing date of the vacancy.

Main duties:

Depending on the specific domain, the selected candidate, under the direct supervision of the traineeship tutor, may be responsible for some of the following:

  • Digital Forensics and Incident Response (DFIR): Assisting in forensic investigations, analysing security incidents, and supporting incident response activities to mitigate and contain cybersecurity threats.
  • Security Operations Centre (SOC) Operations: Participating in the monitoring, detection, and response activities within the organization’s SOC.
  • Security Monitoring: Utilizing tools and platforms to continuously monitor security events, detect anomalies, and escalate potential security incidents.
  • Security Orchestration, Automation, and Response (SOAR) Automation: Developing and implementing automated security workflows and integrations, particularly utilizing Kusto Query Language (KQL), to streamline incident detection, analysis, and response processes.
  • Endpoint Protection and Management: Assisting in the deployment, configuration, and management of endpoint security solutions to protect user devices.
  • Threat Intelligence Integration: Supporting the collection, analysis, and integration of threat intelligence data to proactively identify and mitigate cybersecurity threats.
  • Conducting Risk Assessments: Supporting the identification and evaluation of security risks, and assisting in the development of mitigation strategies.
  • Policy and Procedure Development: Assisting in the creation, review, and dissemination of information security policies, procedures, and guidelines.
  • Security Awareness Training: Helping to develop and deliver security awareness training programs for employees.
  • Compliance Cybersecurity: Operations and Monitoring: Assisting in ensuring that the organization complies with relevant cybersecurity regulations and standards.
  • Vulnerability Management: Supporting the identification and remediation of security vulnerabilities within the organization’s systems and networks.
  • Data Protection: Assisting in the implementation and monitoring of data protection measures to prevent data loss and unauthorized access.
  • Security Audits: Participating in internal and external security audits and assessments.
  • Documentation: Maintaining and updating documentation related to security policies,procedures, incidents, and compliance efforts.
  • Research and Analysis: Conducting research on emerging security threats and trends, and providing analysis to support the CISO’s decision-making process.

Professional qualifications and other requirements

Eligibility criteria

  • be a national of a Member State of the European Union or the European Economic Area (EEA): Iceland, Liechtenstein or Norway;
  • have a good level in English;
  • be covered in the event of illness or accident by a national social security scheme or a private insurance policy, and
  • for “graduate traineeships”: have completed the first cycle of a higher education course and obtained a university degree or its equivalent (bachelor’s degree) OR
  • for “undergraduate traineeships”: have an official declaration from the relevant university.

Only qualifications that have been awarded in EU Member States or equivalent certificates issued by the authorities in the EU Member States shall be taken into consideration.

Candidates must satisfy all eligibility criteria and provide relevant supporting documents when submitting their application.

Selection criteria

The below mentioned requirements are advantageous (not obligatory), thus constitute an additional asset:

  • University degree in the field of cyber security, computer science, IT engineering, physics, mathematics, or another relevant disciplines in applied sciences;
  • Good IT and analytical skills;
  • Good interpersonal skills;
  • Critical thinking approach;
  • Ability and willingness to learn different cybersecurity disciplines;
  • Good understanding of Cyber-security concepts and practices;
  • Familiarity with one or more information security or cyber resilience concept such as cybersecurity governance, risk management, identity and access management, network security, threat intelligence, security assessment and vulnerability management;
  • Good drafting skills in English (presentations, speeches, articles, revision of documents);
  • Knowledge of the standard Microsoft applications (Excel, Word, PowerPoint, Teams);

How to apply

Applications must be submitted through ESMA’s e-Recruitment tool. Submissions by other means will not be considered. All sections of the application form must be completed in English. For instructions on completing the application, please refer to the Candidates Guidelines.

All correspondence will take place via email, therefore please ensure that the email address linked to your account is accurate and monitored regularly.

Applicants will be assessed based on the eligibility and selection criteria specified in the vacancy notice (as explained in Part 3), and these must be met by the deadline for submitting applications.

When a traineeship position becomes available in a department, designated representatives from the department will review the pool of eligible applications and shortlist candidates best matching the selection criteria and the profile required for the traineeship.

Shortlisted eligible candidates will be contacted by the HR Unit to confirm their interest in the given traineeship. Those who express interest and availability will be invited to participate in a video interview. Following the interview stage, the selected candidate will receive a conditional traineeship offer, subject to verification of the required eligibility documents (the complete list will be outlined in the offer).

The applications of candidates invited to interview but not selected will be retained in ESMA’s e-Recruitment system for two years from the closing date of this vacancy and may be considered for future traineeship opportunities.

Further information on the traineeship programme at ESMA (including the selection process, rights and duties of trainees, duration, grant, and leave entitlements etc.) can be found on

ESMA’s career website, under traineeships: https://www.esma.europa.eu/about- esma/careers.

Following the submission of the application candidates will receive an automatic email acknowledging receipt of the application.

Deadline for applications and validity of the reserve list:

The vacancy will remain open until 15/09/2025. All eligible applications constitute reserve list of suitable candidates valid for 2 years after the closing date of the vacancy, from which trainees can be selected throughout the year.

Similar Jobs