Security Intern - r2c San Francisco, CA

Listing Description

About the role

As a Security Intern at r2c, you’ll get broad experience across our security research and internal security efforts. You’ll be part of a team supporting our beloved open-source tool, Semgrep. And you will work on projects that span various security domains, including compliance, cloud, corporate, and application security.

Along the way, you will work with a dedicated group of security researchers, full-stack developers, program analysis experts, and infrastructure engineers. You will learn from senior security folk who bring experience and wisdom from decades of consulting and working in-house to secure organizations like Google, Palantir, and Salesforce. You’ll form part of a larger intern cohort joining various teams across engineering. You’ll attend lunch and learns across the company - learning about everything from the relative strengths and weaknesses of different development languages to the best ways to secure modern cloud infrastructure. Through a rotation on our internal Application Security program, you will be one of the primary internal users of Semgrep, working closely with engineering and product to improve the product and help secure our development efforts. Through a rotation with our Security Research team, you will probe deeply into specific vulnerabilities and write Semgrep rules to prevent them from occurring in our and our customers' code.

The best description of this internship comes from someone who has been where you will be. Vivek, one of our 2022 interns, wrote this blog post about their experience as an intern at r2c.

You will:
  • Participate in our Application Security program, triaging Semgrep alerts and helping address potential security issues
  • Participate in our compliance program, working to understand our primary security tools and processes and how to improve them
  • Work to improve our security by learning how to securely configure and use modern startups' services, tools, and infrastructure (AWS, Google Workspace, Okta SSO, macOS endpoints, etc.)
  • Conduct research on how specific vulnerabilities, such as SQL injection, Cross-Site Scripting, etc., surface in particular frameworks and languages
  • Write Semgrep rules to prevent these vulnerabilities from occurring in our and our customers' code
  • Collaborate with the internal security and security research teams by scoping and delivering a capstone project in a specific research area
  • Learn from a peer mentor whose job is to help you succeed and to help you get what you want out of your internship
  • Present your work to the team at the end of your internship

You are ideal for this role if you:
  • Have taken two or more college courses in computer science, security, or equivalent
  • Are interested in a career in security
  • Have experience scripting in one or more well-used languages: Python, Go, etc.
  • Are excited about security in software development, supporting developer enablement, and wearing many hats across an early-stage startup

A day in the life of a Security Intern might consist of:
  • Monitoring and triaging alerts from our static analysis tool, Semgrep
  • Reviewing source code, and talking to developers about appropriate fixes
  • Monitoring and triaging alerts from our other security monitoring systems (e.g., cloud infrastructure and corporate SaaS)
  • Helping support security oversight efforts as part of our compliance program (e.g., access grants and user offboarding, endpoint, and SaaS security improvements)

This will be the first time we have had a dedicated security intern, but we have a history of successful internships across our engineering teams. Example projects our previous interns have worked on include:
  • Build a Slack App integration for Semgrep-app with an authentication handshake
  • Build seamless VSCode and IntelliJ Semgrep integrations
  • Re-design and implement a frontend web page to be more intuitive and functional

You will join us as part of a cohort of interns working in various functional teams.

What we offer:
  • $2,400 per week for our 10-week full-time internship
  • Close 1:1 mentorship from a full-time security team member
  • Regular feedback from your team’s manager
  • Working in person in our San Francisco office over the summer
