Application Security Intern

Overview

The InfoSec team is responsible for finding and solving the biggest security risks facing our applications and infrastructure. As an engineering team ourselves, we do this by building paved roads and guardrails. We believe that the secure option should also be the easiest option for our users. We’re looking for a strong Engineer with a deep understanding of securing applications in a Cloud-native world to help us execute this vision.

Learning Opportunities & Professional Development The Application Security Intern will gain hands-on experience in identifying and analyzing application vulnerabilities, supporting secure code reviews, and contributing to the improvement of secure development processes. By the end of the program, the intern will have developed practical skills in application security testing, supported the integration of security into CI/CD pipelines, and delivered a capstone project that strengthens ATPCO’s application security posture.

You will:

· Develop automated security testing for centralized security libraries which scale directly with developer needs and enable them to write secure code more easily.

· Participate in the review and improvement of secure software development lifecycle (SDLC) processes.

· Have significant ownership in and evangelize security training with development teams.

· Drive initiatives which scale application security and holistically address application vulnerabilities.

· Be able to review application and infrastructure code in context and defend findings.

· Research and present emerging threats, vulnerabilities, and mitigation techniques.

· Support and consult with product and development teams in application security, including threat modeling and AppSec reviews.

· Assist teams in reproducing, triaging, and remediating application security vulnerabilities.

· Assist in development of security processes and automated tooling that prevent classes of security issues.

· With a focus on AWS, build the application specific security components of the next phase of ATPCOs Cloud infrastructure, shaping secure application development for years to come.

· Build automation to help us discover, measure, and contextualize application security issues.

· Partner with platform teams to deliver solutions that permanently solve entire categories of security risk.

· Participate in varied penetration testing and vulnerability assessments of applications, operating systems and/or networks.

Key Skills / Academic Background

· Current student pursuing a degree in Computer Science, Cybersecurity, Information Technology, Software Engineering, or related field

· Foundational understanding of secure coding principles and common web/app vulnerabilities (e.g., OWASP Top 10, CWE)

· Familiarity with application security testing tools such as SAST (Checkmarx), DAST (e.g., Burp Suite, OWASP ZAP), or SCA (dependency scanning) is a plus

· Experience with scripting/programming languages (Python, JavaScript, Bash, or similar) to automate security tasks

· Basic understanding of cloud application security fundamentals

· Awareness of DevSecOps practices and integrating security into CI/CD pipelines is a plus

· Strong analytical and problem-solving skills with high attention to detail

· Excellent written and verbal communication skills, especially in documenting and explaining vulnerabilities to developers

· Ability to collaborate effectively with cross-functional teams (developers, DevOps, security engineers)