

Location: Remote (India)
Stipend: ₹15,000/month
3-month internship → Full-time offer
About the Role
Work directly with our founding team to build APS (Autonomous Pentesting Solution), an AI-native platform redefining how security testing is done at scale. This isn't a training role. We want practitioners who've found real bugs in real systems and can help us teach AI to do the same.
What You'll Work On
Web application pentesting (primary focus) — deep, manual testing of complex web apps; business logic flaws, auth bypasses, injection chains, multi-step exploitation
API security testing — REST/GraphQL/gRPC; broken object-level auth, mass assignment, JWT attacks, API enumeration
Mobile app pentesting — Android/iOS; reverse engineering, intercepting encrypted traffic, insecure storage, deeplink abuse
Bug bounty-style research — hunting for novel attack paths, chaining low-severity issues into critical findings
APS development — contribute attack patterns, validate AI-generated findings, and stress-test automation workflows
Vulnerability documentation — detailed technical writeups with reproduction steps, impact analysis, and remediation guidance
PoC development — building working exploits and test cases for identified vulnerabilities
Who We're Looking For
Must-haves:
Proven web application pentesting experience — OWASP Top 10 is the floor, not the ceiling
Active bug bounty hunter with at least one public acknowledgment (Hall of Fame, CVE credit, or paid bounty on HackerOne/Bugcrowd/Intigriti)
Solid understanding of API security — able to manually test and exploit API vulnerabilities beyond what scanners find
Hands-on with Burp Suite (including extensions), and comfortable scripting in Python for custom tooling
Able to write clear, professional vulnerability reports that a developer can act on
Strong differentiators:
Published CVEs or responsible disclosure credits
Hall of Fame listings from recognized programs
Experience with mobile app testing (Android preferred — APK reversing, Frida, traffic interception)
CTF experience (especially web categories — SSRF, deserialization, XXE, prototype pollution)
Certifications: OSCP, BSCP, CPTS, or equivalent hands-on certs
Prior experience integrating security tooling with Python automation
What You'll Gain
Direct mentorship from founders with deep security and AI backgrounds
Hands-on role building a production-grade autonomous pentesting platform — your work ships to real customers
Exposure to cutting-edge LLM/AI integration in offensive security workflows
Fast-track to a full-time offer with market salary
Interview Process
Founder Call (30 min) — background, bug bounty stories, culture fit
Technical Assessment (24h) — real-world web app challenge; we want to see your methodology, not just your answer
Security Lead Round (45 min) — deep dive into your solution, past findings, and how you think about automation
#bugbounty #vapt #redteaming #cybersecurity
Job ID: 148918173