EncryptEdge Labs is offering a Junior Application Security Engineer Internship Program that provides a hands-on learning experience focused on securing modern applications. Interns will engage in challenges covering application security areas, gaining practical expertise in identifying vulnerabilities and implementing secure development practices.
Responsibilities:
- Learn and implement secure software development practices
- Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)
- Perform vulnerability assessments and penetration testing on web and mobile applications
- Identify and mitigate OWASP Top 10 and CWE vulnerabilities
- Collaborate on securing APIs, databases, and cloud-based applications
- Complete a final capstone project to secure a mock application and present findings
- Write detailed security assessment reports, including remediation recommendations
Requirements:
- A strong passion for application security, secure coding, and ethical hacking
- Detail-oriented mindset with the ability to analyze and identify vulnerabilities in web and software applications
- Exceptional documentation and reporting skills, capable of clearly articulating findings and remediation steps
- Strong communication and collaboration skills, especially when working with developers and security teams
- Consistent commitment to meeting deadlines and maintaining a high standard of work
- Understanding of web technologies and architectures (HTML, CSS, JavaScript, APIs, databases)
- Basic familiarity with network protocols (HTTP/HTTPS, DNS, TCP/IP) and operating systems (Windows/Linux)
- Awareness of the OWASP Top 10 and common web vulnerabilities
- Foundational understanding of web application vulnerabilities such as SQL injection, XSS, CSRF, and insecure deserialization
- Ability to perform basic vulnerability scanning, manual testing, and input validation assessments
- Understanding of the secure software development lifecycle (SDLC) and DevSecOps concepts
- Knowledge of ethical and legal standards in web security testing
- Access to a dedicated computer and a reliable internet connection
- Ability to set up and maintain a secure testing environment
- A degree in Computer Science, Software Engineering, or Information Security is preferred but not mandatory
- Demonstrated self-learning through certifications, projects, or participation in bug bounty programs, CTFs, or online labs
- Practical exposure to web security labs, CTF challenges, or bug bounty platforms (e.g., HackTheBox, TryHackMe, PortSwigger Labs)
- Personal or academic projects demonstrating an understanding of application security or secure coding practices
- Experience with tools such as Burp Suite, OWASP ZAP, and Nikto for web application testing
- Experience with Kali Linux, Nmap, and Metasploit (for reconnaissance and exploitation)
- Basic scripting ability in Python, JavaScript, or Bash for automation and testing