IT Cybersecurity Co-op (Spring 2026)

Wave Life Sciences is a biotechnology company focused on unlocking the broad potential of RNA medicines to transform human health. Our RNA medicines platform, PRISM, combines multiple modalities, chemistry innovation and deep insights in human genetics to deliver scientific breakthroughs that treat both rare and prevalent disorders. Our toolkit of RNA-targeting modalities includes editing, splicing, RNA interference and antisense silencing, providing us with unmatched capabilities for designing and sustainably delivering candidates that optimally address disease biology. Our diversified pipeline includes clinical programs in Duchenne muscular dystrophy, Alpha-1 antitrypsin deficiency and Huntington’s disease, as well as a preclinical program in obesity. Driven by the calling to “Reimagine Possible”, we are leading the charge toward a world in which human potential is no longer hindered by the burden of disease.

Wave Life Sciences is seeking a motivated and detail-oriented Cybersecurity Co-op to join our IT Security team for a six-month full-time assignment. In this role, you will gain hands-on experience across multiple areas of enterprise cybersecurity including threat monitoring, vulnerability management, identity and access initiatives, third-party risk assessments, AI/ML security, policy and compliance, and security awareness programs. This is an opportunity to work closely with security engineers and IT leaders, develop technical and analytical skills, and directly contribute to the protection of Wave’s systems, data, and people.

Responsibilities

Assist in Threat Monitoring, Response, and Security Tools Integration

• Support the Security Operations Center (SOC) by monitoring alerts from CrowdStrike and other security platforms, investigating suspicious activity, and escalating incidents following defined playbooks.
• Learn how to perform initial triage and enrichment of security events, document findings, and contribute to root-cause analyses.
• Identify integration and ingestion points for security tools, focusing on improving telemetry and automation within the CrowdStrike platform and related systems.

Vulnerability Management

• Assist in scheduling, running, and reviewing vulnerability scans across endpoints, servers, cloud environments, and network infrastructure.
• Track remediation efforts in collaboration with IT operations teams, ensuring patches and fixes are applied in a timely manner.
• Help maintain reporting dashboards to communicate remediation progress, trends, and compliance against defined SLAs.

Support Zero Trust and Identity Initiatives

• Participate in projects to advance Wave’s Zero Trust strategy, including implementation of passwordless authentication methods and biometric access controls.
• Assist in reviewing role-based access control (RBAC) configurations to ensure least-privilege principles are consistently applied.
• Contribute to documentation and testing for new identity governance initiatives, including access recertification and MFA expansion.

Third-Party Risk Assessment

• Support the evaluation of IT vendors and managed service providers (MSPs) by gathering documentation, reviewing security questionnaires, and scoring vendor cybersecurity posture.
• Help maintain third-party risk registers, coordinate remediation plans with vendor contacts, and track progress against action items.
• Learn how to leverage tools such as BlackKite to expand third-party risk insights and reporting.

AI and ML Risk Support

• Contribute to cyber-AI risk assessments, focusing on the security and governance of open-source machine learning tools and large language model (LLM) integrations.
• Assist in documenting risks related to data privacy, model security, and supply-chain vulnerabilities.
• Support the development of mitigation strategies and tracking of open AI-related risks.

Policy and Compliance Support

• Assist in reviewing, updating, and publishing cybersecurity policies and procedures to ensure alignment with evolving best practices and regulatory requirements.
• Help manage the Written Information Security Program (WISP) and related documentation.
• Support mock assessments and evidence collection for frameworks such as ISO 27001 and NIST CSF to prepare for external audits.

Security Awareness and Training

• Assist in designing, executing, and analyzing phishing simulations and security awareness campaigns.
• Help deliver cybersecurity training sessions, gather feedback, and identify opportunities for improvement.
• Contribute to the development of shorter, focused training modules to increase employee engagement and knowledge retention.

Qualifications

• Enrolled in a Computer Science or a related field bachelor’s degree program at an accredited college/university.
• A GPA of 3.0 or higher is preferred.
• Strong Windows OS background.
• Strong written and verbal communication skills.
• Must be well-organized and have the ability to work in a team environment.
• Ability to manage responsibilities in a fast-paced environment.
• Able to take direction needed to resolve incidents quickly and effectively.
• Able to complete routine tasks independently over time. This includes gaining the functional, technical, and problem-solving skills needed to complete assignments.

Wave Life Sciences provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Wave Life Sciences complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Wave Life Sciences expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Wave Life Sciences’ employees to perform their job duties may result in discipline up to and including discharge.

We value our relationships with professional recruitment firms. To protect the interests of all parties and given the large volume of inquiries received from third-party placement agencies, we are not able to respond to all agency inquiries. We do not accept unsolicited resumes from any source other than directly from candidates for current or future positions. Submission of unsolicited resumes in advance of a signed agreement between our company and a placement agency does not create an implied obligation and, if an unsolicited candidate represented by a placement agency is hired, we are not obligated to pay a fee. Only approved recruitment firms will be allowed to provide services to Wave Life Sciences, USA.