Intern - Cybersecurity Engineering Centre

Descrizione del lavoro:

What The Role Is

Project Title: Development of Scanning Solutions for Mobile Apps

This project aims to explore, design and prototype components of a static analysis capability tailored for mobile applications. The focus is to identify common security weaknesses found in Android and iOS apps and assess how automated checks can be integrated into broader mobile-app security workflows. The work will support CSA's ongoing efforts to build developer-centric security tools and strengthen mobile-app security baselines.

What You Will Be Working On

The intern will support the team in developing and validating a proof-of-concept SAST solution. This includes:

* Investigating existing static analysis techniques, tools and open-source frameworks suitable for mobile codebases.
* Analysing common mobile-app vulnerability patterns (e.g. insecure data storage, improper certificate handling, excessive permissions, weak cryptographic practices).
* Designing rule-sets or heuristics that can detect selected issues reliably with low false positives.
* Assisting in building parsing or scanning modules, integrating third-party libraries where appropriate.
* Running experiments on sample apps and documenting findings to inform tool refinement.
* Preparing technical documentation and presenting project outcomes to internal stakeholders.

The intern will work closely with the mobile security team, gaining practical experience in secure-app development, security tooling, and mobile-app threat analysis.

What We Are Looking For

* Interns available to start in January 2026, minimum commitment of 6 months.
* Strong interest in cybersecurity or mobile application development.
* Basic programming skills in Python, Java, Kotlin or Swift.
* Understanding of mobile-app architecture and common security concepts.
* Ability to work independently, document findings clearly and iterate based on feedback.
* Good-to-Have:
* Prior experience with mobile development (Android Studio, Xcode) or exposure to mobile-app reverse engineering.
* Familiarity with security testing concepts such as SAST, DAST or code-quality analysis.
* Understanding of static analysis frameworks such as Semgrep, MobSF, CodeQL or similar tools.
* Experience with Git, CI pipelines, or basic automation scripts