Junior Application Security Engineer Internship

This is a remote position.

The Junior Application Security Engineer Internship Program at EncryptEdge Labs provides a comprehensive, hands-on learning experience focused on securing modern applications. Over eight weeks, interns will work through carefully crafted challenges covering key areas of application security, including secure code analysis, vulnerability assessment, penetration testing, and implementing secure development practices.

Participants will gain practical expertise in identifying and mitigating vulnerabilities, using industry-standard tools like SAST, DAST, and code review platforms. The program concludes with a capstone project where interns apply their knowledge to secure a mock application and prepare a comprehensive security report. This internship is ideal for those aspiring to specialize in application security and contribute to building safer software.

Key Responsibilities:

• Learn and implement secure software development practices.
  
• Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
  
• Perform vulnerability assessments and penetration testing on web and mobile applications.
  
• Identify and mitigate OWASP Top 10 and CWE vulnerabilities.
  
• Collaborate on securing APIs, databases, and cloud-based applications.
  
• Complete a final capstone project to secure a mock application and present findings.
  
• Write detailed security assessment reports, including remediation recommendations.
  

Requirements

Core Qualities:

• A strong passion for application security, secure coding, and ethical hacking.
  

• Detail-oriented mindset with the ability to analyze and identify vulnerabilities in web and software applications.
  

• Exceptional documentation and reporting skills, capable of clearly articulating findings and remediation steps.
  

• Strong communication and collaboration skills, especially when working with developers and security teams.
  

• Consistent commitment to meeting deadlines and maintaining a high standard of work.
  

Educational and Learning Background:

• A degree in Computer Science, Software Engineering, or Information Security is preferred but not mandatory.
  

• Demonstrated self-learning through certifications, projects, or participation in bug bounty programs, CTFs, or online labs.
  

Foundational Knowledge:

• Understanding of web technologies and architectures (HTML, CSS, JavaScript, APIs, databases).
  

• Basic familiarity with network protocols (HTTP/HTTPS, DNS, TCP/IP) and operating systems (Windows/Linux).
  

• Awareness of the OWASP Top 10 and common web vulnerabilities.
  

Certifications (Desirable):

• TryHackMe Web Fundamentals or Web Hacking Path.
  

• eLearnSecurity Junior Penetration Tester (eJPT) or Web Application Penetration Tester (eWPT).
  

• CompTIA Security+ or Pentest+ (optional for entry-level candidates).
  

Recommended Courses:

• Web Application Security for Beginners (TryHackMe or HackTheBox).
  

• OWASP Top 10: Web Application Security for Developers (Udemy or Pluralsight).
  

• Bug Bounty Hunting – Web Hacking by The Cyber Mentor.
  

Key Skillset:

• Foundational understanding of web application vulnerabilities such as SQL injection, XSS, CSRF, and insecure deserialization.
  

• Ability to perform basic vulnerability scanning, manual testing, and input validation assessments.
  

• Understanding of secure software development lifecycle (SDLC) and DevSecOps concepts.
  

• Knowledge of ethical and legal standards in web security testing.
  

Technical Tool Familiarity:

• Experience with tools such as:
  

  • Burp Suite, OWASP ZAP, and Nikto for web application testing.
    

  • Kali Linux, Nmap, and Metasploit (for reconnaissance and exploitation).
    

  • Source code analysis tools such as SonarQube or Semgrep (optional).
    

• Basic scripting ability in Python, JavaScript, or Bash for automation and testing.
  

Logistics and Preparedness:

• Access to a dedicated computer and a reliable internet connection.
  

• Ability to set up and maintain a secure testing environment (guidance and resources will be provided).
  

Preferred Experience:

• Practical exposure to web security labs, CTF challenges, or bug bounty platforms (e.g., HackTheBox, TryHackMe, PortSwigger Labs).
  

• Personal or academic projects demonstrating an understanding of application security or secure coding practices.
  

Benefits