SOC 2 Filing Intern

Job Description: SOC 2 Compliance Intern
Location: San Francisco
Commitment: Part-time (at least 10 hours per week)
Duration: 3–6 months (with potential extension)
About Us
We are a fast-growing AI startup working with enterprise customers. As part of building trust with our partners, we are preparing for a SOC 2 Type II audit. To support this process, we're looking for a motivated intern to help us organize, document, and maintain our compliance program.
 
Role Overview
As a SOC 2 Compliance Intern, you will work closely with our leadership team to implement and maintain security, compliance, and audit readiness processes. This role is highly detail-oriented and process-driven, and you will gain hands-on experience with compliance automation platforms and cloud security practices.
You don't need to be a programmer, but you do need to be comfortable with technology, cloud dashboards, and structured documentation.
 
Responsibilities
  • Assist with SOC 2 evidence collection (screenshots, logs, system settings, reports)
  • Maintain and update compliance documentation and policies (access control, vendor risk management, incident response)
  • Work in a compliance automation platform (e.g., Vanta, Drata, or Secureframe) to track tasks, upload evidence, and monitor controls
  • Coordinate with engineers and HR to verify security practices (MFA enabled, offboarding complete, vendor security reviewed)
  • Support internal reviews of compliance controls and flag gaps for remediation
  • Help prepare materials for annual SOC 2 audits and interact with auditors as needed
  • Keep an organized schedule of recurring tasks (monthly access reviews, log exports, etc.)
 
What You'll Learn
  • Hands-on experience with SOC 2 Type II compliance, a key standard for SaaS and enterprise software companies
  • Exposure to security and IT governance practices
  • How to work with compliance automation platforms and real auditors
  • Cross-functional communication skills with engineering, HR, and leadership teams
 
Requirements
  • Strong attention to detail and organizational skills
  • Comfort with technology: navigating cloud dashboards (AWS, GCP, or similar), using productivity tools, and learning new software quickly
  • Clear communication skills, able to follow up with team members politely but persistently
  • Interest in security, compliance, or IT governance
 
Nice-to-Have
  • Familiarity with MFA, SSO, and basic IT security concepts
  • Prior experience in IT support, QA, operations, or security coursework
  • Strong documentation and writing skills
 
Why Join Us?
This is an opportunity to build practical compliance experience at the intersection of startups, cloud infrastructure, and enterprise security. SOC 2 knowledge is highly valued in the industry. You'll come away with skills directly transferable to roles in security, governance, and risk management.