Cloudflare is on a mission to help build a better Internet. We protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code.

As a Security Engineer Intern, you will work alongside experienced security engineers to identify vulnerabilities, harden our infrastructure, and build tools that protect billions of Internet users. We are looking for interns who are curious, proactive, and able to approach problems with a 'security-first' mindset.

Responsibilities

• Ship and deliver security-focused projects over 12-16 weeks with autonomy and support.
• Work cross-functionally with Product, Infrastructure, and Engineering teams to integrate security into every stage of the development lifecycle.
• Work closely with a mentor to guide you through the internship, develop your security expertise, and help with career goals.
• Build your network across the company through our various in and out of office socials, networking programs, Employee Resource Group (ERG) programs, and Activity Groups.
• Present your security project to the entire company at the end of the internship.
• Connect and learn from our executives and leadership team including our co-founders.
• Write for our Cloudflare blog (e.g., documenting a new security tool or a vulnerability research finding) and be featured on Cloudflare.tv sessions.

What We're Looking For

• Education: Currently pursuing a degree in Computer Science, Cybersecurity, Computer Engineering, or a related technical field.
• Security Fundamentals: A solid understanding of the OWASP Top 10, common attack vectors (XSS, SQLi, CSRF), and how to mitigate them.
• Demonstrated critical thinking skills and drive to learn and adapt new technologies.
• Curiosity, empathy and ability to get things done.
• Ability to commit to a minimum 12 week summer internship.
• In office 3-5 days a week in the location of the internship.
• Local to Austin; relocation not provided.

What Makes Cloudflare Special?

We're not just a highly ambitious, large-scale technology company. We're a highly ambitious, large-scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.

Project Galileo: Since 2014, we've equipped more than 2,400 journalism and civil society organizations in 111 countries with powerful tools to defend themselves against attacks that would otherwise censor their work, technology already used by Cloudflare's enterprise customers--at no cost.

Athenian Project: In 2017, we created the Athenian Project to ensure that state and local governments have the highest level of protection and reliability for free, so that their constituents have access to election information and voter registration. Since the project, we've provided services to more than 425 local government election websites in 33 states.

1.1.1.1: We released 1.1.1.1 to help fix the foundation of the Internet by building a faster, more secure and privacy-centric public DNS resolver. This is available publicly for everyone to use - it is the first consumer-focused service Cloudflare has ever released.

Here’s the deal - we don’t store client IP addresses never, ever. We will continue to abide by our privacy commitment and ensure that no user data is sold to advertisers or used to target consumers.

Sound like something you’d like to be a part of? We’d love to hear from you!

XML job scraping automation by YubHub

In this role, you will:

Perform manual and automated testing of web applications, APIs, and mobile apps (iOS/Android). Conduct network and cloud level assessments with various tooling. Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives. Perform initial prompt injection and jailbreak tests on AI prototypes, services, and applications using established checklists (OWASP Top 10 for LLMs). Draft high-quality reports that detail the "path to compromise" with clear, reproducible steps for developers. Manage and update the team's testing infrastructure (e.g., Burp Suite, and basic C2 listeners). Provide direct technical guidance to engineering teams on how to patch vulnerabilities like XSS, SQLi, and IDOR. Design and lead multi-week Red Team operations that mimic specific threat actors (APTs) to test the SIRT detection capabilities. Build custom payloads, droppers, and obfuscated scripts to bypass EDR/AV and maintain stealth. Build automated testing frameworks for AI systems (e.g., using PyRIT, Promptfoo, or Garak) to test for models related to sensitive data leakage. Execute sophisticated attacks against AWS/Azure/K8s, focusing on IAM misconfigurations and container escapes. Collaborate with SIRT and Detection Engineering to tune SIEM alerts based on the techniques used during an engagement. Oversee the organization's bug bounty program, identifying trends in submissions to suggest broad architectural security changes.

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply.

XML job scraping automation by YubHub

We are looking for a Staff Software Engineer, Security to join our Security Engineering group. As a Staff Software Engineer, Security, you will act as a liaison between the Security org and the engineering org to build technical leverage and influence the security roadmap and direction.

Responsibilities ---------------

• Act as a liaison between the engineering and security org to develop innovative requirements for the security roadmap.
• Evangelize security best practices across the engineering org.
• Research, design, implement and own security oriented frameworks and features with the common goal of protecting Okta’s customers.
• Routinely participate in cross-vertical code reviews with emphasis on Security.
• Break down complex problems into sub-tasks while prototyping rapidly and iteratively contributing to security initiatives using agile practices.
• Coach and mentor junior engineers in the team.

Preferred Qualification and Abilities -----------------------------------

• 7+ years of development experience in designing and implementing software systems in Java, building highly reliable and mission-critical software.
• 3+ years of work experience in designing and implementing security solutions for applications and distributed systems.
• Work experience and excellent understanding in mitigating OWASP Top 10 attacks on applications, Application Security, Cryptography, Authentication, Authorization using Role-Based and Attribute-Based access controls.
• Strong understanding of concepts such as Test-Driven development, Secure SDLC, Secure code reviews and the ability to identify and mitigate threat vectors and vulnerabilities in code and infrastructure.
• Good understanding and experience in using cloud service providers such as AWS and GCP.
• Developing and maintaining technical documentation such as cookbooks, design and architecture docs.
• Troubleshooting and fixing production issues to ensure reliability, security and performance.
• Work experience in using RDBMS like MySQL, good grasp of concepts such as replication and clustering along with familiarity in data stores such as Redis and Elasticsearch.
• Excellent grasp of software engineering principles coupled with strong written and verbal communication skills.
• B.S or M.S in Computer Science or related fields.

The Okta Experience ------------------ Supporting Your Well-Being Driving Social Impact Developing Talent and Fostering Connection + Community

XML job scraping automation by YubHub

As a Staff Engineer, AI Security on the AppSec team, you'll lead autonomous defense for the AI lifecycle. Build multi-agent frameworks and secure gateways while integrating real-time security gates and identity standards. By mentoring Security and R&D to define the MLSecOps roadmap, you'll ensure a 'secure-by-default' future for agentic workflows and resilient AI innovation.

Responsibilities:

Serve as the primary subject matter expert for all AI and machine learning security initiatives across security and R&D.

Design and manage AI gateways to provide a centralized control plane for authentication and authorization and rate limiting across all model and tool interactions.

Build and maintain an autonomous security agentic framework that utilizes multi agent orchestration for end to end investigation and alert triage and remediation.

Develop agentic identity models using OAuth 2.1 to propagate identity across trust boundaries and prevent the confused deputy problem.

Help govern the AI augmented software development lifecycle by integrating real time security gates into the developer environment and CI/CD pipeline.

Manage Agentic Security Solutions that secure AI lifecycle and manage AI workloads at runtime.

Author company wide AI security standards and implement these security checks across Twilio's stack.

Implement human in the loop checkpoints and transactional safety protocols for high impact or destructive agentic actions.

Partner with engineering leadership to set the long term roadmap for identity centric security and automated posture management.

Act as a knowledge multiplier by mentoring security engineers and developing secure by default paved road templates for R&D teams

Qualifications:

8+ years of experience in security engineering with at least 3 years focused on AI or machine learning security operations (MLSecOps).

Expertise in orchestrating multi-agent systems with AWS Strands, LangGraph, and CrewAI, specializing in runtime isolation, PII redaction, and defending against indirect prompt injection in agentic environments.

Hands-on experience with AI-specific frameworks (e.g., MITRE ATLAS, MAESTRO, OWASP Top 10 for LLMs/Agents/MCP) to threat model and defend against a wide spectrum of risks, including direct/indirect prompt injection, training data poisoning, tool poisoning, and data exfiltration within agentic workflows.

Proficiency in securing end-to-end AI pipelines, from data ingestion and training to model deployment and monitoring.

Strong communication skills to translate complex AI risks into actionable business logic for stakeholders.

Desired:

Hands-on experience in modern application security tooling including SAST and SCA and DAST with experience adapting these tools to catch AI specific vulnerabilities like indirect prompt injection.

Expertise in identity standards including OAuth 2.1 and PKCE.

Experience with AI Red Teaming and conducting adversarial simulations against Large Language Models (LLMs) and agentic systems.

Proficiency in at least one general programming language (Python, Go, etc) with experience in container security and workload isolation.

Proven ability to operate with autonomy and drive high impact outcomes in ambiguous environments by identifying and executing on critical projects without predefined roadmaps or direct supervision.

XML job scraping automation by YubHub

We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work.

The Role -------- We seek a knowledgeable and development-focused Security Engineer, who will build micro-services to secure Customer Identity Products and Infrastructure.

Responsibilities --------------- Work across a globally distributed product-aligned team of security engineers Establish a deep understanding of Okta Customer Identity products and infrastructure Collaborate when necessary with the Okta Security team on security operations Build, deploy & maintain scalable and reliable infrastructure services as well as security solutions for customer identity products Build, deploy & maintain automation to improve platform security capabilities at scale including logging, threat detection and compliance benchmarks to increase our security posture Help meet our operational security commitments by thinking like an attacker, assessing the risk, and advising on mitigation strategies Support security investigations in coordination with the Okta Security team, participate in root cause analysis and perform necessary remediations. Support stakeholders by proposing mitigation strategies for end-of-life software and security vulnerability and patch management

Requirements ----------- You have 3+ years of hands-on development experience writing microservices with Golang You have 3+ years of experience in cloud infrastructure security, product security You have working knowledge and hands on development experience with one or more of the following: AWS and/or Azure security Kubernetes You have strong knowledge in OWASP Top 10 and secure coding best practices You have strong foundation on secure software development lifecycle best practices You have strong written and verbal communication skills You have experience working with a globally distributed and remote team.

Bonus points if: You have working knowledge and experience with one or more of the following: Full-stack engineering Site reliability engineering Identity and access management Vulnerability and threat management Security detection and response Governance, risk and compliance

XML job scraping automation by YubHub

Responsibilities: Conduct in-depth code reviews and static analysis to identify and mitigate security vulnerabilities in our applications Design and implement secure coding guidelines and best practices for development teams Collaborate closely with development teams to integrate security practices throughout the CI/CD pipeline Perform threat modeling and risk assessments for applications, developing mitigation strategies for potential risks Manage vulnerability tracking and remediation efforts, providing guidance to development teams Support incident response activities related to application security Stay current on emerging security threats and trends in cloud-native technologies and AI, continuously enhancing our security measures Evaluate and secure software supply chains, including producing and maintaining Software Bills of Materials (SBOMs) Address security concerns specific to AI and machine learning models, with a focus on the OWASP LLM Top 10

Basic Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or a related field 3-5 years of experience in application security, with a strong focus on code security practices Deep understanding of secure coding practices, application security frameworks, and common vulnerabilities (e.g., OWASP Top 10) Proficiency in Python or Rust programming languages and experience with secure coding practices in these languages Experience securing CI/CD pipelines and implementing DevSecOps practices Familiarity with software supply chain security and SBOM generation tools Experience with security testing tools (e.g., Burp Suite, OWASP ZAP) and static/dynamic code analysis Understanding of AI/ML security implications, particularly those outlined in the OWASP LLM Top 10 Excellent communication skills, able to explain complex security issues to both technical and non-technical audiences

Preferred Skills and Experience: Experience with cloud platforms (e.g., GCP, AWS, Azure) and their security features Relevant security certifications (e.g., CSSLP, OSWE) Background in data privacy and compliance regulations relevant to cloud-native applications and AI systems Experience with GitOps and infrastructure-as-code security Familiarity with federated learning and privacy-preserving machine learning techniques Experience in building custom security tooling to enhance and automate security processes Interest in leveraging AI to automate security tasks and improve efficiency Contributions to open-source security projects or tools Experience in securing AI/ML models and data pipelines

Compensation and Benefits: $200,000 - $340,000 USD Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub

Your responsibilities will include:

• Supporting application security reviews for services, APIs, and new product features across the VGS platform.
• Helping identify, validate, and track security findings from static analysis, dependency scanning, container scanning, and other security testing tools.
• Participating in threat modeling and secure design discussions with engineering teams during feature development.
• Evaluating the security of AI-enabled development workflows, including internal AI systems integrated into the SDLC.
• Assisting with manual testing and validation of web application and API security issues.
• Helping improve secure SDLC processes by contributing to developer guidance, secure coding resources, and repeatable review checklists.
• Working with engineers to understand remediation options and clearly document security risks and recommendations.
• Contributing to improving security tooling and guardrails in CI/CD and development workflows.

We're looking for someone with a strong interest in secure software design, cloud-native architectures, and automation. You should have a foundational understanding of application security concepts, such as the OWASP Top 10, API security, authentication and authorization, secure coding, and common software vulnerabilities.

At VGS, we have a remote-first philosophy, and we're looking for someone who is comfortable working independently and collaboratively as part of a team.

XML job scraping automation by YubHub

The successful candidate will design, build, and maintain high-scale automation workflows and AI-assisted capabilities that proactively mature Greenlight's security posture. They will also architect and implement security guardrails for internal AI usage, ensuring LLM integrations and automated agents operate within company risk tolerances.

Key responsibilities include:

• Developing custom integrations across the security and business systems stack (SaaS, FinTech tools, and internal APIs) to eliminate manual silos.
• Building and configuring automated tooling for real-time monitoring of data security, privacy, and vulnerability management.
• Partnering with IT, Engineering, and Business Owners to identify operational bottlenecks and deploy AI-powered solutions that enhance both security and efficiency.
• Collaborating with DevOps to bake automated security controls into the CI/CD pipeline and cloud environments.
• Creating high-quality designs, workflow diagrams, and playbooks to ensure automated systems are maintainable and transparent.

Requirements include:

• 4+ years of professional experience in Cybersecurity, DevOps, or Software Engineering.
• Strong proficiency in Python (preferred) or Go for building custom security tools and API-heavy integrations.
• Solid understanding of cloud security principles (AWS/GCP), containerization (Docker/K8s), and securing distributed systems.
• Deep familiarity with the OWASP Top 10 (including LLM-specific risks) and CI/CD security best practices.
• Hands-on experience with CI/CD platforms (GitHub Actions, GitLab CI) and no-code/low-code automation platforms (e.g., Tines, Torq, or Tray.io).
• Proven experience using AI-assisted tools (Copilot, Cursor, etc.) to accelerate development and a curiosity for deploying AI-driven security solutions.

Nice to have:

• Experience with Infrastructure-as-code (IaC)
• Direct experience implementing security controls within both AWS and GCP.
• Security certifications such as CISSP, Security+, or specialized GIAC certifications.

XML job scraping automation by YubHub

Your day-to-day will involve leading security architecture/design review and threat modeling sessions with product and engineering teams, translating threats into actionable, risk-rated engineering remediations prioritized by severity, conducting hands-on penetration testing and security assessments across our full product stack, and driving PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers, and on-call incidents.

You will also shape the posture of our AI-assisted development environment, defining and enforcing enterprise policies for Claude and Cursor, and partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines.

As a champion of security culture, you will run developer training on secure coding with AI assistants, evangelize security by design for products, and ensure every engineer understands that product security is an enabler and not a gate.

You will bring 10+ years of product security experience spanning application security, cloud security, and secure SDLC, expert-level threat modeling using STRIDE, PASTA, or equivalent across web, mobile, cloud, embedded, and AI systems, hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware, and deep hands-down AI security expertise and expert-level understanding of OWASP Top 10 for LLM, API, Web, Mobile, and practical experience with MITRE.

You will have strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor, and understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development.

You will also have strong programming ability and capability to review code, build security tools, automate workflows, and be credible with the engineering teams you partner with.

Preferred experience includes hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience, and experience in the Financial industry, knowledge of PCI DSS, COPPA, or demonstrated ability to learn regulated domains quickly.

Work perks at Greenlight include medical, dental, vision, and HSA match, paid life insurance, AD&D, and disability benefits, traditional 401k with company match, unlimited PTO, paid company holidays and pop-up bonus holidays, professional development stipends, mental health resources, 1:1 financial planners, fertility healthcare, 100% paid parental and caregiving leave, plus cleaning service and meals during your leave, flexible WFH, both remote and in-office opportunities, fully stocked kitchen, catered lunches, and occasional in-office happy hours, and employee resource groups.

XML job scraping automation by YubHub

Fuse Energy is a forward-thinking renewable energy startup on a mission to deliver a terawatt of renewable energy - fast. We're combining first-principles thinking with cutting-edge technology to build a radically better energy system.

We're creating a fully integrated energy company: from developing solar, wind and hydrogen projects to real-time power trading and distributed energy installations. By selling directly to consumers, we cut out the middleman, lower costs and pass on savings to customers.

But we're not stopping there. We're also building the Energy Network: a decentralised platform of smart devices that rewards users in Energy Dollars for electrifying their homes, shifting usage to off-peak hours, and helping balance the grid. This network strengthens grid stability - a critical foundation for scaling AI data centers and other energy-intensive industries.

Responsibilities

Security Engineering & Implementation

• Assist in implementing and maintaining security controls across cloud infrastructure, web applications, and internal systems.
• Support secure configuration of services, including access controls, secrets management, and API security.
• Help review and improve the security of components related to identity, authentication, and transaction workflows.

Threat Modelling & Risk Awareness

• Participate in threat modelling exercises and security reviews for new features and system changes.
• Help identify common security risks and misconfigurations, and work with engineers to remediate them.
• Stay informed about common attack vectors and vulnerabilities relevant to modern cloud and web environments.

Security Operations & Incident Support

• Assist with monitoring, detection, and investigation of security alerts and events.
• Support incident response activities, including analysis, documentation, and follow-up remediation tasks.
• Help maintain and improve runbooks, alerts, and basic detection mechanisms.

Secure Development & Best Practices

• Contribute to secure development practices, including code reviews with a security lens.
• Help document and promote security guidelines for engineers, such as secure coding and secrets handling.
• Support ongoing efforts related to compliance readiness (e.g., evidence gathering, control checks).

Collaboration & Learning

• Work closely with engineering and product teams to integrate security into day-to-day development.
• Learn from senior security engineers and actively develop your skills in cloud security, application security, and infrastructure security.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
• 2–3 years of experience in a Security Engineer, Software Engineer, Infrastructure Engineer, or similar role with security exposure.
• Foundational understanding of security concepts such as authentication, authorisation, encryption, and secure communication.
• Familiarity with common web and cloud security risks (e.g., OWASP Top 10, IAM misconfigurations).
• Basic experience with AWS and an interest in cloud security best practices.
• Working knowledge of operating systems, networking fundamentals, and software development workflows.
• Strong problem-solving skills and a willingness to learn and grow in a fast-moving environment.

Benefits

• Competitive salary and an equity sign-on bonus
• Biannual bonus scheme
• Fully expensed tech to match your needs
• Paid annual leave
• Breakfast and dinner allowance for office based employees

XML job scraping automation by YubHub

Fuse Energy is a forward-thinking renewable energy startup on a mission to deliver a terawatt of renewable energy - fast. We're combining first-principles thinking with cutting-edge technology to build a radically better energy system.

We're creating a fully integrated energy company: from developing solar, wind and hydrogen projects to real-time power trading and distributed energy installations. By selling directly to consumers, we cut out the middleman, lower costs and pass on savings to customers.

But we're not stopping there. We're also building the Energy Network: a decentralised platform of smart devices that rewards users in Energy Dollars for electrifying their homes, shifting usage to off-peak hours, and helping balance the grid. This network strengthens grid stability - a critical foundation for scaling AI data centers and other energy-intensive industries.

Responsibilities

Security Engineering & Implementation

• Assist in implementing and maintaining security controls across cloud infrastructure, web applications, and internal systems.
• Support secure configuration of services, including access controls, secrets management, and API security.
• Help review and improve the security of components related to identity, authentication, and transaction workflows.

Threat Modelling & Risk Awareness

• Participate in threat modelling exercises and security reviews for new features and system changes.
• Help identify common security risks and misconfigurations, and work with engineers to remediate them.
• Stay informed about common attack vectors and vulnerabilities relevant to modern cloud and web environments.

Security Operations & Incident Support

• Assist with monitoring, detection, and investigation of security alerts and events.
• Support incident response activities, including analysis, documentation, and follow-up remediation tasks.
• Help maintain and improve runbooks, alerts, and basic detection mechanisms.

Secure Development & Best Practices

• Contribute to secure development practices, including code reviews with a security lens.
• Help document and promote security guidelines for engineers, such as secure coding and secrets handling.
• Support ongoing efforts related to compliance readiness (e.g., evidence gathering, control checks).

Collaboration & Learning

• Work closely with engineering and product teams to integrate security into day-to-day development.
• Learn from senior security engineers and actively develop your skills in cloud security, application security, and infrastructure security.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
• 2–3 years of experience in a Security Engineer, Software Engineer, Infrastructure Engineer, or similar role with security exposure.
• Foundational understanding of security concepts such as authentication, authorisation, encryption, and secure communication.
• Familiarity with common web and cloud security risks (e.g., OWASP Top 10, IAM misconfigurations).
• Basic experience with AWS and an interest in cloud security best practices.
• Working knowledge of operating systems, networking fundamentals, and software development workflows.
• Strong problem-solving skills and a willingness to learn and grow in a fast-moving environment.

Benefits

• Competitive salary and an equity sign-on bonus
• Biannual bonus scheme
• Fully expensed tech to match your needs
• Paid annual leave
• Breakfast and dinner allowance for office based employees

XML job scraping automation by YubHub