Internship - Information Security & Defence Compliance at Fiducial

OPENING WE CANNOT PROVIDE VISA SPONSORSHIP DETAILS Preferred starting date: ASAP Weekly availability: full-time (5 days/week) Location: Aerospace Innovation Hub, Delft, the Netherlands ABOUT THE COMPANY Fiducial is a young but fast-growing deep-tech start-up with big ambitions at the frontier of autonomy, perception, and defence. Currently, we are developing software for advanced on-board UAV situational awareness in military applications. Using low-cost and widely available sensors and compute, our solutions are built for scalability. From there, we plan to develop a line-up of interconnected solutions to safeguard European safety. Our team consists of engineers that are passionate about the technology and solutions they develop. The only time most of us are not thinking about the technology is when we are asleep, and sometimes even then. Our team members have a background in different fields such as Aerospace Engineering, Computational Science and Engineering, Robotics and Computer Graphics. Our office is located in the Aerospace Innovation Hub, a start-up hub located on the TU Delft campus in the faculty of Aerospace Engineering. We work closely with top-tier partners, ranging from government agencies and prime contractors to academic research institutes and other start-ups. Our projects span from large tender orders in collaboration with partners to low TRL research with government agencies. Whether through formal R&D programs or rapid prototyping tracks, we operate at the intersection of innovation and deployment. Given the nature of our work, security, compliance, and controlled access to technology are core to how we operate. This is not an afterthought , it is embedded in how we design, build, and deliver our systems. YOUR ROLE As an Information Security & Defence Compliance Intern, you will support the design and implementation of Fiducial’s internal security and compliance framework in a highly regulated and security-sensitive environment. This role combines governance, compliance, and technical understanding. You will not be building production systems, but you are expected to understand how systems work and how security applies to them. Your work will include: - Supporting the setup of our Information Security framework (based on ISO 27001 principles) - Assisting in implementing defence-oriented security practices (e.g. need-to-know access, controlled environments, strict data handling) - Translating security requirements into practical guidelines for engineering teams - Mapping systems, data flows, and access patterns across our infrastructure - Supporting secure configuration practices (access control, secrets handling, device security) - Structuring and documenting internal policies (access control, asset management, data classification, etc.) - Helping define and maintain asset registers, risk registers, and classification schemes - Supporting export-control-related processes from a security perspective (controlled releases, data access, segregation) - Identifying gaps between current practices and required security standards You will work closely with both leadership and engineering teams, acting as a bridge between technical implementation and security/compliance requirements. You are expected to engage with engineers and understand systems, but your role is to structure, not to build. SECURITY & COMPLIANCE CONTEXT You will be exposed to security practices inspired by regulated environments, where access to technology, data, and systems is strictly controlled and documented. Our approach is: - Structured using principles aligned with ISO 27001 - Informed by evolving regulatory requirements such as NIS2 - Influenced by defence-oriented security models (e.g. strict access control, compartmentalization, operational security discipline) This means working in an environment where security is not optional, but enforced by design. WHAT WE EXPECT FROM YOU Currently studying Cybersecurity, Computer Science, Information Security, or similar - Strong interest in security beyond “ethical hacking” (focus on systems, risk, and structure) - Able to understand how software systems are built (basic architecture, APIs, data flows) - Comfortable reading technical documentation and asking the right questions - Structured and analytical mindset - able to translate complexity into clear documentation - Independent and proactive - you take ownership and figure things out Basic technical understanding of: - Authentication and access control (users, roles, permissions) - Networking fundamentals (how systems communicate, basic segmentation) - Data handling and data flows - Secure handling of credentials and secrets Strong plus: - Familiarity with Git, Linux, or cloud environments - Exposure to ISO 27001 / NIST / CIS controls - Interest in defence, dual-use, or regulated environments WHAT WE OFFER - 1000 euro monthly compensation. - 10 vacation days during internship period. - (Really) flexible working hours and option to work from home 2 days per week. - Have a direct and significant influence on highly innovative products. - The opportunity to iterate quickly with tight feedback loops, close to the product. We are innovating, learning is to be expected. - Responsibility over the things you implement, you are the expert on what you build. THE APPLICATION PROCEDURE - If after reading the above you are convinced you are the right person for the job, send us some information about yourself; this can be a resume, website or other source, as long as we get a clear impression of your background and skills. - We’ll get back to you as soon as possible. If we see a potential fit, you’ll first receive a short follow-up questionnaire. Based on your answers, we’ll invite you for an interview. This interview is an opportunity to talk through a real problem/scenario and show us you think and communicate. - If at this point we feel you are the person we are looking for, we’ll discuss the specifics. - Welcome to the team!