Product Security Engineering Intern
Sophia Antipolis, Alpes-Maritimes, France
Fortinet
Fortinet delivers cybersecurity everywhere you need it. We secure the entire digital attack surface from devices, data, and apps and from data center to home office.
Are you a student or a recent graduate looking for an internship within a fast-growing international environment and passionate about developing a strong experience in product security?
Then you have all the more reason to join this exciting Product Security Internship opportunity at Fortinet in Sophia-Antipolis!
As a Product Security Intern, you will join Fortinet’s highly skilled PSIRT team in Sophia-Antipolis, in charge of handling security incidents and performing vulnerability research on Fortinet products. You will benefit from an extensive training program allowing you to become an expert in your field. You will be able to develop a strong experience in product security, to show your ability to investigate and help remedy vulnerabilities.
Mission
You will be able to focus your internship project on one of the following two key areas:
1. API Fuzzer: A development-based project which consists in improving the PSIRT dynamic testing toolkit with an API fuzzer. API fuzzing is commonly used to discover unintended flaws in web applications such as memory corruptions or code injection. Fuzzers are coverage based and are used to test a variety of inputs over a list of API endpoints and their associated parameters.
API fuzzing should allow the Product Security team to detect variants of flaws previously discovered through source code analysis, manual testing, or external research reports. The tool might also detect new issues using chosen inputs.
• The goal of the internship would be to:
o Understand and give detailed description / presentation on existing tools for API fuzzing.
o Adapt existing tools or develop a tool to detect security issues on Fortinet products. The scope of tests will rely on the API documentation (Swagger/OpenAPI) of the tested Fortinet product.
o The tool should be able to distinguish correct web responses from unintended behaviors leading to security issues.
• The main goal is to reinforce the coverage of the dynamic testing toolkit (DAST) over Fortinet products.
2. Product Security Analyst: You will contribute to the missions of the product security team.
- Support the management of the PSIRT incidents and ensure they are handled in a timely manner
- Triage incidents, answer questions they may raise, test for vulnerabilities they may signal, investigate source code and create (then follow up on) Incidents on the Incident Management System when necessary.
- Escalate to a senior analyst when an incident falls outside the field of competence/knowledge
- Find and report unknown vulnerabilities in Fortinet products via black box analysis, fuzzing, and source code auditing.
Requirements and Profile
Background and Experience:
• Good security background with an understanding of vulnerabilities at source-code level.
• In-depth understanding of asymmetric cryptography and web protocols; high proficiency in C language is mandatory.
• Experience in Static and Dynamic Application Security Testing tools, source code auditing, vulnerability research, pentesting methodologies and fuzzing tools a plus.
Skills:
• Good analytical skills – ability to understand and analyze information strategically.
• Detail oriented – follow processes thoroughly.
• Team player – interact effectively within individual team and other departments alike.
• Understanding of Fortinet product line-up a plus.
• Good knowledge of English (written and spoken).
Education:
• BS in Computer Science or equivalent required.
• MS in Computer Science preferred.
Fortinet is an equal opportunity employer. We value diversity in our company, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
Fortinet makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 615,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone.
Perks/benefits: Career development