Information Security (Penetration Testing) Intern

White Cloak Technologies is seeking a motivated and detail-oriented Information Security Intern (Penetration Testing) to join our InfoSec team. The ideal candidate will assist in identifying and validating vulnerabilities in web applications, mobile applications, and APIs through ethical hacking and security testing. This internship offers hands-on experience in real-world penetration testing, exposure to secure development practices, and an opportunity to strengthen technical skills using industry-standard tools such as Burp Suite and OWASP ZAP.

Responsibilities:

Penetration Testing:

• Conduct penetration testing of web applications, mobile applications, and APIs under the guidance of senior security engineers.

Vulnerability Assessment:

• Identify, analyze, and document vulnerabilities using tools like Burp Suite, OWASP ZAP, and manual testing techniques.

Reporting:

• Prepare detailed vulnerability reports with proof of concept (PoC) and assist developers in reproducing and remediating issues.

Security Research:

• Research new attack vectors, exploits, and OWASP Top 10 vulnerabilities to enhance testing methodologies.

Collaboration:

• Work closely with development teams to verify fixes and ensure vulnerabilities are properly mitigated.

Security Process Improvement:

• Assist in improving internal penetration testing procedures and automation scripts.

Awareness and Training Support (Optional):

• Contribute to internal awareness activities by sharing insights from penetration testing exercises.

Qualifications:

• Currently pursuing a Bachelor’s degree in Computer Science, Information Technology, or Cybersecurity, or equivalent practical experience.
• Familiarity with web, mobile, and API architectures and common security flaws (e.g., OWASP Top 10, API Security Top 10).
• Experience using Burp Suite (Community or Professional) or OWASP ZAP for vulnerability discovery.
• Basic understanding of HTTP, authentication mechanisms, and common web vulnerabilities (XSS, SQLi, CSRF, IDOR, etc.).
• Strong analytical, documentation, and problem-solving skills.
• Ability to work independently and demonstrate attention to detail.
• (Optional but advantageous): Knowledge of scripting or programming (e.g., Python, JavaScript, or Bash) for automation or PoC development.