Application Security Intern

Overview

The InfoSec team is responsible for finding and solving the biggest security risks facing our applications and infrastructure. As an engineering team ourselves we do this by building paved roads and guardrails. We believe that the secure option should also be the easiest option for our users. Were looking for a strong Engineer with a deep understanding of securing applications in a Cloud-native world to help us execute this vision.

Learning Opportunities & Professional Development The Application Security Intern will gain hands-on experience in identifying and analyzing application vulnerabilities supporting secure code reviews and contributing to the improvement of secure development processes. By the end of the program the intern will have developed practical skills in application security testing supported the integration of security into CI/CD pipelines and delivered a capstone project that strengthens ATPCOs application security posture.

You will:

Develop automated security testing for centralized security libraries which scale directly with developer needs and enable them to write secure code more easily.

Participate in the review and improvement of secure software development lifecycle (SDLC) processes.

Have significant ownership in and evangelize security training with development teams.

Drive initiatives which scale application security and holistically address application vulnerabilities.

Be able to review application and infrastructure code in context and defend findings.

Research and present emerging threats vulnerabilities and mitigation techniques.

Support and consult with product and development teams in application security including threat modeling and AppSec reviews.

Assist teams in reproducing triaging and remediating application security vulnerabilities.

Assist in development of security processes and automated tooling that prevent classes of security issues.

With a focus on AWS build the application specific security components of the next phase of ATPCOs Cloud infrastructure shaping secure application development for years to come.

Build automation to help us discover measure and contextualize application security issues.

Partner with platform teams to deliver solutions that permanently solve entire categories of security risk.

Participate in varied penetration testing and vulnerability assessments of applications operating systems and/or networks.

Key Skills / Academic Background

Current student pursuing a degree in Computer Science Cybersecurity Information Technology Software Engineering or related field

Foundational understanding of secure coding principles and common web/app vulnerabilities (e.g. OWASP Top 10 CWE)

Familiarity with application security testing tools such as SAST (Checkmarx) DAST (e.g. Burp Suite OWASP ZAP) or SCA (dependency scanning) is a plus

Experience with scripting/programming languages (Python JavaScript Bash or similar) to automate security tasks

Basic understanding of cloud application security fundamentals

Awareness of DevSecOps practices and integrating security into CI/CD pipelines is a plus

Strong analytical and problem-solving skills with high attention to detail

Excellent written and verbal communication skills especially in documenting and explaining vulnerabilities to developers

Ability to collaborate effectively with cross-functional teams (developers DevOps security engineers)

Additional Information :

At ATPCO we are deeply committed to diversity equity and inclusion. Our supportive policies promote work-life balance through flexible work arrangements and we cultivate a workplace where every employee feels valued respected and a true sense of belonging.

We consider qualified applicants for employment without regard to race gender age color religion national origin citizenship status marital status disability sexual orientation protected military/veteran status gender identity or expression genetic information marital status medical condition or any other legally protected factor

All your information will be kept confidential according to EEO guidelines.

Remote Work :

Yes

Employment Type :

Part-time