Intern - Application Security
EClinicalWorks
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
About eClinicalWorks
We are eClinicalWorks, a privately held leader in healthcare IT. We provide comprehensive, cloud-based EHR/PRM solutions to medical professionals worldwide, aiming to improve workflows and reduce the risk of physician burnout. We are committed to positive change and value creativity and innovation. At eClinicalWorks, we share a passion for improving healthcare through dedication, education, and teamwork, fostering a fast-paced, fun, and culturally diverse environment.
Please note - This role is only eligible for college students who are currently enrolled in a bachelor's or master's program.
Overview of the Intern - Application Security Role
eClinicalWorks is seeking a motivated Application Security Intern to join our Information Security team. This role is ideal for junior or senior-level students pursuing a degree in cybersecurity, computer science, information systems, or a related field. The intern will support hands-on penetration testing, vulnerability assessments, and security evaluations of enterprise and customer-facing ECW applications. This is a practical, technical role designed for someone excited about learning offensive security techniques and contributing to the overall security posture of the organization.
Primary Responsibilities
Penetration Testing
- Assist with planning and executing manual and automated penetration tests on web, mobile, and API-based applications.
- Identify, exploit, and document security vulnerabilities following industry best practices (OWASP, MITRE ATT&CK, NIST).
- Perform recon, scanning, enumeration, and exploitation under supervision of senior security engineers.
- Support development of proof-of-concept (PoC) demonstrations for validated findings.
Vulnerability Assessments
- Conduct vulnerability scans using commercial and open-source tools (e.g., Burp Suite).
- Validate, triage, and prioritize identified issues.
- Work with engineering teams to help reproduce findings and verify remediation.
Application Security Support
- Review application architecture, authentication workflows, and access controls for potential weaknesses.
- Participate in secure code review sessions (basic static analysis exposure is acceptable).
- Contribute to threat modeling activities under guidance.
Documentation & Reporting
- Prepare detailed reports summarizing findings, risk levels, and remediation recommendations.
Required Qualifications (Junior/Senior Level)
- Currently enrolled in a Master’s degree program in Cybersecurity, Computer Science, Information Technology, or a related field.
- Foundational understanding of:
- Web technologies (HTTP/S, APIs, HTML, JavaScript, databases).
- Languages: Java, C#.
- Frameworks: dotNet, J2EE.
- Network fundamentals (TCP/IP, routing, ports, protocols).
- Common application vulnerabilities (OWASP Top 10).
- Familiarity with at least one penetration testing or security tool: Burp Suite, Nessus, Metasploit, Wireshark, etc.
- Basic scripting or programming experience (Python, JavaScript, Bash, PowerShell, or similar).
- Strong analytical, problem-solving, and communication skills.
- Ability to handle sensitive information responsibly and maintain confidentiality.
Preferred Qualifications (Nice-to-Have)
- Previous coursework or personal projects in security, digital forensics, reverse engineering, or malware analysis.
- Hands-on experience in a lab environment.
- Exposure to secure development practices or code review.
- Experience with cloud environments (AWS, Azure, GCP) or containerized applications (Docker/Kubernetes).
- Industry Security Certifications are a plus.
Soft Skills
- Curiosity and passion for cybersecurity.
- Willingness to learn and take initiative.
- Ability to work both independently and collaboratively.
- Strong attention to detail and thoroughness.
What The Intern Will Gain
- Real-world experience in offensive security and secure software development.
- Mentorship from Application Security and Engineering teams.
- Practical exposure to enterprise security tools and environments.
- Opportunity to contribute meaningfully to real-world penetration testing engagements.
Compensation
Hourly pay range of $23 - $25 USD.
eClinicalWorks is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills, and experiences that bring us together and help create a healthy world.
Key skills/competency
- Application Security
- Penetration Testing
- Vulnerability Assessment
- OWASP Top 10
- Java/C# Development
- Python Scripting
- Burp Suite
- Network Fundamentals
- Secure Code Review
- Threat Modeling
How to Get Hired at EClinicalWorks
- Research eClinicalWorks' culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to understand their commitment to healthcare IT.
- Tailor your resume: Highlight relevant cybersecurity coursework, personal projects, and any hands-on experience with security tools or programming languages. Emphasize alignment with their focus on improving healthcare.
- Showcase technical prowess: Be prepared to discuss your foundational understanding of web technologies, programming languages like Java/C#, network fundamentals, and common vulnerabilities like the OWASP Top 10.
- Prepare for security-specific questions: Practice explaining penetration testing methodologies, vulnerability identification, and secure coding principles. Demonstrate familiarity with tools like Burp Suite, Nessus, or Metasploit.
- Demonstrate passion and initiative: Share your curiosity for cybersecurity, willingness to learn new offensive security techniques, and examples of independent or collaborative problem-solving from your academic or personal projects.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background