Security Engineer

Summary

Join Lucid Software as a Security Engineer Intern and contribute to safeguarding our world-class web applications and employees. You will be part of a team dedicated to protecting customer and corporate data by proactively identifying and mitigating risks. This full-time summer internship offers a 12-week duration and involves designing, implementing, and maintaining security controls for Lucid's information systems. You will assist with pentesting efforts, incident response, and security automation, while promoting and exemplifying Lucid's core values.

Requirements

• Passion for security
• Pursuing Bachelor’s degree (or similar) in a technical security-adjacent field (e.g. Computer Science, Software Engineering, Information Security)
• Understanding of web applications and related security controls
• Adversarial mindset: and enjoys breaking, testing, and improving security controls by challenging assumptions and identifying gaps others may overlook
• Proficiency in one or more programming languages (e.g. Java, JavaScript, Python)
• Proficiency in one or more scripting languages (e.g. Bash, Powershell, Python)
• Able to work independently and make progress without steady supervision
• Excellent verbal and written skills with great attention to detail
• Ability and willingness to learn new skills quickly

Responsibilities

• Design, implement, and maintain security controls for Lucid's information systems
• Assist with third-party and in-house pentesting efforts on Lucid’s products
• Assist with incident response, including identifying, mitigating, resolving, and document incidents
• Improve security automation
• Proactively identify threats and opportunities for improvements in security controls and processes across the business
• Design solutions to mitigate risk and support business objectives
• Promote and exemplify Lucid’s core values

Preferred Qualifications

• Security-relevant side projects (e.g. HackTheBox, home labs)
• Experience or familiarity with pentesting
• Participation in the security community (e.g. security conferences, research)
• General knowledge of and skill in applying risk management principles and practices
• Security-related certification(s) (e.g., Security+)
• Understanding of common forensics techniques and methodologies along with their prerequisite logging and alerting
• Experience with bug bounty programs and/or vulnerability disclosure
• Understanding of common AWS infrastructure components (e.g. Lambda, S3, DynamoDB)