Application Security Intern

1w1 week ago

Very Good Security

US · Internship · $45,000 – $65,000

About this role

VGS is the world's leader in payment tokenization. Large banks, fintechs, and merchants embed our universal token vault to manage payment data complexities across processors, open banking, and PCI compliance. We are looking for a curious, motivated Application Security Intern to partner with security and engineering teams.

You will evaluate application risk, improve secure software development workflows, and help developers ship software safely in an environment handling sensitive payment and identity data. Support includes application security reviews for services, APIs, and new features. Participate in threat modeling and secure design discussions during feature development.

Help identify and track security findings from static analysis, dependency scanning, and container scanning. Assist with manual testing of web apps and APIs for access control, authentication, and input validation. Work with engineers to document risks and remediation options.

Be proactive and innovative to build a world-class product securely. Join a team valuing transparency, collaboration, grit, humility, and doing the right thing for customers. Traits for success: attention to detail, problem solver, customer-oriented, versatile, resilient, eager to learn.

Requirements

Currently pursuing a degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or have equivalent practical experience
Foundational understanding of application security concepts such as the OWASP Top 10, API security, authentication and authorization, secure coding, and common software vulnerabilities
Ability to read and reason about code in one or more programming languages such as Java, Python, JavaScript, or Go
Familiarity with Git, the software development lifecycle, and basic testing or debugging workflows
Strong interest in secure software design, cloud-native security practices

Responsibilities

Support application security reviews for services, APIs, and new product features across the VGS platform
Identify, validate, and track security findings from static analysis, dependency scanning, container scanning, and other security testing tools
Participate in threat modeling and secure design discussions with engineering teams during feature development
Evaluate the security of AI-enabled development workflows, including internal AI systems integrated into the SDLC
Assist with manual testing and validation of web application and API security issues, including access control, authentication, input validation, and secrets handling
Improve secure SDLC processes by contributing to developer guidance, secure coding resources, and repeatable review checklists
Work with engineers to understand remediation options and clearly document security risks and recommendations
Contribute to improving security tooling and guardrails in CI/CD and development workflows