Application Security Intern

Overview

The InfoSec team is responsible for finding and solving the biggest security risks facing our applications and infrastructure. As an engineering team ourselves, we do this by building paved roads and guardrails. We believe that the secure option should also be the easiest option for our users. We’re looking for a strong Engineer with a deep understanding of securing applications in a Cloud-native world to help us execute this vision.

Learning Opportunities & Professional Development The Application Security Intern will gain hands-on experience in identifying and analyzing application vulnerabilities, supporting secure code reviews, and contributing to the improvement of secure development processes. By the end of the program, the intern will have developed practical skills in application security testing, supported the integration of security into CI/CD pipelines, and delivered a capstone project that strengthens ATPCO’s application security posture.

You will:

• Develop automated security testing for centralized security libraries which scale directly with developer needs and enable them to write secure code more easily.
• Participate in the review and improvement of secure software development lifecycle (SDLC) processes.
• Have significant ownership in and evangelize security training with development teams.
• Drive initiatives which scale application security and holistically address application vulnerabilities.
• Be able to review application and infrastructure code in context and defend findings.
• Research and present emerging threats, vulnerabilities, and mitigation techniques.
• Support and consult with product and development teams in application security, including threat modeling and AppSec reviews.
• Assist teams in reproducing, triaging, and remediating application security vulnerabilities.
• Assist in development of security processes and automated tooling that prevent classes of security issues.
• With a focus on AWS, build the application specific security components of the next phase of ATPCOs Cloud infrastructure, shaping secure application development for years to come.
• Build automation to help us discover, measure, and contextualize application security issues.
• Partner with platform teams to deliver solutions that permanently solve entire categories of security risk.
• Participate in varied penetration testing and vulnerability assessments of applications, operating systems and/or networks.

Key Skills / Academic Background

• Current student pursuing a degree in Computer Science, Cybersecurity, Information Technology, Software Engineering, or related field
• Foundational understanding of secure coding principles and common web/app vulnerabilities (e.g., OWASP Top 10, CWE)
• Familiarity with application security testing tools such as SAST (Checkmarx), DAST (e.g., Burp Suite, OWASP ZAP), or SCA (dependency scanning) is a plus
• Experience with scripting/programming languages (Python, JavaScript, Bash, or similar) to automate security tasks
• Basic understanding of cloud application security fundamentals
• Awareness of DevSecOps practices and integrating security into CI/CD pipelines is a plus
• Strong analytical and problem-solving skills with high attention to detail
• Excellent written and verbal communication skills, especially in documenting and explaining vulnerabilities to developers
• Ability to collaborate effectively with cross-functional teams (developers, DevOps, security engineers)

At ATPCO, we are deeply committed to diversity, equity, and inclusion. Our supportive policies promote work-life balance through flexible work arrangements, and we cultivate a workplace where every employee feels valued, respected, and a true sense of belonging.

We consider qualified applicants for employment without regard to race, gender, age, color, religion, national origin, citizenship status, marital status, disability, sexual orientation, protected military/veteran status, gender identity or expression, genetic information, marital status, medical condition, or any other legally protected factor

All your information will be kept confidential according to EEO guidelines.

ATPCO is the world's primary source for air fare content, holding over 200 million fares across 160 countries. Every day, the travel industry relies on ATPCO's technology and data solutions to help millions of travelers reach their destinations efficiently. Join us and contribute to the development of innovative applications that power global travel. ATPCO is everywhere people buy flights.

We’re not just shaping the future of air travel– we’re redefining how and where great work happens. At ATPCO, we believe in flexibility, trust, and a culture where your wellbeing comes first

Our Culture:

We’ve built a remote-first culture rooted in trust, transparency, and belonging. With open-door leadership, weekly 1:1s, and real-time recognition, we keep our people connected and valued—no matter where they work.

Our cultural pillars of Collaboration, Empowerment, Innovation, Learning, Transparency, and Trust guide how we show up for one another and grow together.