Application Security Analyst Intern

PatientPoint•Cincinnati, OH

3h•$25 - $26•Hybrid

About The Position

Join PatientPoint to be part of a dynamic team creating change in and around the doctor’s office. As a leading digital health company, we innovate to positively impact patient behaviors. Our purpose-driven approach offers an inspirational career opportunity where you can contribute to improving health outcomes for millions of patients nationwide. Job Summary This role supports application security efforts by assisting with static and dynamic testing, secure code reviews, threat modeling, and vulnerability research under senior mentorship. The intern will help triage findings, document risks, contribute to security tooling and automation, and collaborate with engineers to promote secure coding practices. The role is designed to provide hands-on exposure to real-world AppSec tools, OWASP standards, and how security integrates into modern DevOps workflows.

Requirements

Currently pursuing a Bachelor’s or Master’s degree in Computer Science, Data Science, Cybersecurity, Information Technology, or a related field
Basic understanding of application security concepts (OWASP Top 10, common web vulnerabilities)
Familiarity with at least one programming or scripting language (Python, JavaScript, Java, or similar)
Understanding of web technologies (HTTP/S, REST APIs, JSON, authentication mechanisms)
Ability to analyze security findings and communicate risks clearly
Strong problem-solving skills and attention to detail
Willingness to learn secure coding practices and security testing tools

Nice To Haves

Exposure to SAST, DAST, or SCA tools (e.g., Checkmarx, ZAP, Burp Suite)
Familiarity with Git, GitHub, or CI/CD pipelines
Knowledge of secure SDLC principles
Understanding of AI skills
Experience reviewing code for security issues
Interest in vulnerability research and threat modeling

Responsibilities

Assist in performing static (SAST) and dynamic (DAST) application security testing.
Help triage findings from automated scanners.
Participate in manual testing (under guidance) for common vulnerabilities such as SQL injection, XSS, or broken authentication.
Review code changes for security issues (often with senior mentorship).
Learn to use tools like SonarQube, Checkmarx, Fortify, or GitHub Advanced Security.
Document findings and recommend secure coding practices.
Support threat modeling exercises by documenting potential attack paths.
Research emerging vulnerabilities, CVEs, and security advisories relevant to the tech stack.
Track security trends and update the team.
Help integrate security tools into the CI/CD pipeline.
Write scripts for automating repetitive tasks (e.g., log parsing, results consolidation).
Support vulnerability management platforms (e.g., Jira, DefectDojo, Kenna).
Draft and maintain internal documentation for secure coding guidelines.
Assist in preparing developer training materials (e.g., OWASP Top 10 examples).
Work with engineers to clarify security requirements during development.
Exposure to OWASP Top 10 and CWE/SANS Top 25.
Mentorship in real-world vulnerability assessment and remediation.
Understanding how security integrates with agile/DevOps workflows.