The Application Security Intern will execute essential operational capabilities to detect and manage technical risks across the BlackLine application environment. This employee will be responsible for the daily operation and management of one or more security technical controls to protect the development of our application.
Roles and Responsibilities (listed in order of importance)
- Introduction to information security workflow, process, and best practices. Expand your skills and learn new technology.
- Undertake and/or participate in projects and programs designed to develop professional skills and expertise appropriate to the needs of the organization
- Participate in performing all security reviews, including static code analysis, software composition analysis and penetration testing, as part of the Secure Software Development Lifecycle
- Operate/maintain/improve security tools and capabilities using industry best practice and standards
- Investigate new security vulnerabilities to understand the mechanics of the threat vector and how it could be exploited
- Work with peers in other internal groups to drive technical security risk down in targeted areas
- Receive guidance, training, and mentoring from senior personnel in planning and carrying out activities and assignments
Education: You must be currently enrolled as an undergraduate/graduate student in Spring 2022.
Technical/Specialized Knowledge, Skills, and Abilities:
- Excellent hands-on development experience and proficiency in one programming language such as C#, Java or SQL
- Strong foundational knowledge of software security and cryptography
- Solid organizational skills, including multitasking and time-management
- Familiarity with different families of technical security controls and tools
- Ability to learn, ask questions and operate independently
- Problem solving ability and clear communication skills
- Basic information security experience preferred
- Basic understanding of Web Application architecture and its components
- Knowledge of common application security vulnerabilities (e.g., XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay)
Work is primarily sedentary in nature; no special demands required.