Endpoint Troubleshooting & Log-Analysis (EPP) Intern [Summer Internship]

Endpoint Troubleshooting & Log-Analysis (EPP) Intern [Summer Internship] About Us At Netwrix, our mission is to revolutionize data security by placing identity at the core - providing unparalleled visibility and control. Engineered and supported by over 900 highly talented, motivated employees and hundreds of trusted partners in nearly every geography, Netwrix solutions are relied upon daily by security professionals across more than 13,500 organizations in over 100 countries around the world. Over the past two decades, Netwrix has expanded its market presence through innovation, organic growth, and strategic acquisitions, and are proud to be backed by renowned private equity firms, TA Associates and Centerbridge Partners. Netwrix maintains a global presence, fostering a remote-first work environment while encouraging and facilitating frequent face-to-face interaction with colleagues, customers, and partners. Cyber Future Summer Internship Do you want to build a safer digital future ? Are you excited to collaborate with global teams and customers to solve real-world cybersecurity challenges? The Cyber Future Summer Internship at Netwrix gives you the opportunity to do exactly that. This is a hands-on, project-driven program where you will take ownership of meaningful initiatives that protect data, improve processes, and empower teams worldwide. From day one, you will be embedded in a team, assigned a clearly defined project, and expected to deliver measurable outcomes by the end of the program. This is not a shadowing program — you will build, analyze, create, improve, and present , all while contributing to making digital environments safer for businesses and their customers. Program Dates are 1 July 2026 – 11 September 2026 and this role will be hybrid with visits to Kraków office. This is a paid internship. Position Overview You will own key parts of an end-to-end log-analysis experience for EPP telemetry: transforming noisy, heterogeneous endpoint logs into structured events, building search and correlation capabilities, and creating investigator workflows (CLI or UI) that speed root-cause analysis. The project blends data engineering, security telemetry and UX for investigation and can include analytics or lightweight ML for anomaly detection. Responsibilities Design and implement log-analysis pipelines that accept endpoint telemetry (agent logs, Sysmon/ETW, syslog, process/network snapshots, registry/fs metadata) and emit structured, time-normalized events. Create robust parsers/normalizers and schemas for heterogeneous logs (Windows, Linux, macOS), including timestamp normalization, field mapping, and basic enrichment (hostname, user, process ancestry). Implement correlation and aggregation logic to link events into investigation artifacts (process chains, network flows, file lineage). Provide fast search/query capabilities and investigator tooling (CLI and/or lightweight web UI) for ad-hoc triage, timeline building, and automated packaging of evidence for bug reports. Prototype detection aids: rule-based correlation, heuristics, or simple anomaly detectors to highlight suspicious or failure-related behavior. Build test harnesses and reproducible scenarios to validate parsing/correlation and ensure deterministic outputs for common agent failures. Instrument the pipeline for observability (latency, failure modes, reliability) and optimize for low resource usage and predictable performance. Produce documentation, runbooks, and a demo that shows the investigator workflow from raw log → analysis → root-cause. Expected deliverables Working prototype of a log-analysis pipeline ingesting multiple endpoint sources. Parsers and normalization rules for the three primary OSes (Windows/Linux/macOS). Investigator CLI or web UI for search, timeline view, correlation, and packaging evidence. At least two reproducible failure scenarios with automated tests that validate the pipeline output. Demo, documentation ... (truncated, view full listing at source)