INTERNSHIP - Deployment of Interactive Application Security Testing (IAST) tool for web applications

PRAHA

Thales

From Aerospace, Space, Defence to Security & Transportation, Thales helps its customers to create a safer world by giving them the tools they need to perform critical tasks


Location: Praha, Czechia

Thales people architect identity management and data protection solutions at the heart of digital security. Businesses and governments rely on us to bring trust to the billions of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.

Thales in the Czech Republic employs over 400 people from 45 different nationalities. A total of 15 teams work on projects for government agencies, banking, mobile services and the Internet Of Things (IoT) technology. At the core of our business is the development of software which we configure and embed in a multitude of different devices and form factors. These include many kinds of payment cards, SIM cards, travel passes, secure eBanking devices, authentication tokens, machine identification modules (MIM), and secure ID documents including ePassports, eID and eHealth cards, as well as eDriving licenses. Because of the international environment surrounding us every day, it comes as no surprise that English is our official corporate language.

The goal is to deploy a well-known IAST tool (such as Black Duck Seeker or Contrast's IAST) in various types of web applications (Web Service and Web UI applications) dealing with biometrics (Face or Fingerprint recognition systems). The IAST tool needs to be integrated into the automated testing chain of the CI/CD pipeline (GitLab, for instance) of the respective product R&D teams. Another key responsibility of the role is promoting and communicating the tools, security guidelines and hardening recommendations provided by these tools, as well as by renowned security organizations such as OWASP, ANSSI, and NIST.


The intern will have the opportunity to understand and compare the pros and cons of the IAST tool with other types of scanning tools, such as Dynamic Application Security Testing (DAST) tools (for instance, OpenText Fortify WebInspect, Burp Suite, or OWASP ZAP) and Static Application Security Testing (SAST) tools (OpenText Fortify Static Code Analysis or Black Duck Coverity Static Analysis).

The student will contribute to writing the baseline deployment guideline for the tool in the organization and support adoption of the tool by the product R&D teams.

The intern will join our technical governance team, which comprises experts in fields such as cybersecurity, automation testing, biometric systems, cloud computing, and software & system architecture. This team has several years of experience supervising students, generally several at the same time. 

A background in software engineering or IT engineering with a major in cybersecurity is preferred. 

Most of the communication will be in English.

Technology skills:
• Programming Language: Java, JavaScript, Python
• Web Technology: HTML, CSS, WebServer (Node.js, Spring-Boot, Jetty)
• OS: Linux / Windows
• Network: HTTP(S), TCP/IP, SSH
• CI/CD: GitLab
• Security Tools: vulnerability scanners
• Deployment Environment: Docker, Kubernetes

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!
Category: AppSec Jobs

Tags: Application security Automation Banking Black Duck Burp Suite CI/CD Cloud Code analysis DAST Docker GitLab Governance IAST Internet of Things IoT Java JavaScript Kubernetes Linux NIST Node.js OWASP Python R&D SAST SSH TCP/IP Windows

Region: Europe
Country: Czechia
