Application Security Engineer Intern at CLEAR
CLEAR helps create safer, easier experiences everywhere you go. We believe you are you and by using your biometrics – your eyes, face, and fingerprints – we keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check-in at the doctor’s office, access your office building, and more – without ever pulling out your wallet. CLEAR is currently available in 50+ airports, venues and more. Now with Health Pass, CLEAR securely connects a person’s digital identity to multiple layers of COVID-related insights to help reduce public health risk and restore peace of mind.
We’re defining and leading an entirely new industry, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List for the second year in a row and winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses and our 5+ million members to help create a safer environment no matter where you go.
We’re looking for a passionate Application Security Engineer Intern. In this role, your primary focus will be to learn how to ensure, enforce, and maintain CLEAR’s high standards of software security, specifically with regards to member data. You will do this by applying the attacker mindset to software systems while balancing principles of good software design and product requirements.
What You Will Do:
- Work on an automation project focused on surfacing high risk, high accuracy findings to developers in near real-time as they develop software.
- Perform internal penetration tests of CLEAR’s web applications and services. This includes testing, reporting, and assisting in driving remediation of discovered issues.
- Embed with one SCRUM Engineering team to help identify security gaps and learn how security can fit into a SCRUM lifecycle.
Who You Are:
- Working towards a formal degree in Cyber Security, Computer Science, Information Technology, or closely related field with 1-2 years until graduation. Or are a working professional or recent bootcamp grad. Or are working towards industry security certifications.
- Has excellent interpersonal communication skills and can take very technical issues and make them understandable to all audiences.
- Has a personal passion for security and cutting edge security concepts.
- Experience with automation using Python.
- Experience writing or pentesting web applications and web services.
- Proficient in reading different programming languages.
- Candidates should be familiar with vulnerabilities in the OWASP Top 10.
- Knowledge of HTTP or RESTful APIs.
- Understanding of general security foundations: cryptography/encryption, authentication, authorization, access control, least privilege, CIA triad.
- General understanding of public cloud technologies and concepts.
- Some programming and scripting experience with C#, C++, Java, Python, BASH, Go, or similar.
- Knowledge of and experience with common security tools (Splunk, Nessus/Tenable, Rapid7 tools, etc.).
- Familiarity or experience with Agile/SCRUM.