Intern - Application Security

We are eClinicalWorks. We are a privately held leader in healthcare IT, providing comprehensive, cloud based EHR/PRM solutions to medical professionals worldwide to improve workflows and reduce the risk of physician burnout. We care. We are committed to positive change. And that's where you come in. Do you value creativity and innovation? Great, so do we. At eClinicalWorks, we share a passion for improving healthcare through dedication, education, and teamwork. Everyone has that one thing they're really good at. We value your talent and want you to join our fast-paced, fun, and culturally diverse environment. Ready to make a difference? Apply today.

Please note - This role is only eligible for college students who are currently enrolled in a bachelor's or master's program.

Overview

eClinicalWorks is seeking a motivated Application Security Intern to join our Information Security team. This role is ideal for junior or senior‑level students pursuing a degree in cybersecurity, computer science, information systems, or a related field. The intern will support hands‑on penetration testing, vulnerability assessments, and security evaluations of enterprise and customer‑facing ECW applications.

This is a practical, technical role designed for someone excited about learning offensive security techniques and contributing to the overall security posture of the organization.

Primary Responsibilities

• Penetration Testing
• Assist with planning and executing manual and automated penetration tests on web, mobile, and API‑based applications.
• Identify, exploit, and document security vulnerabilities following industry best practices (OWASP, MITRE ATT&CK, NIST).
• Perform recon, scanning, enumeration, and exploitation under supervision of senior security engineers.
• Support development of proof‑of‑concept (PoC) demonstrations for validated findings.
• Vulnerability Assessments
• Conduct vulnerability scans using commercial and open‑source tools (e.g., Burp Suite)
• Validate, triage, and prioritize identified issues.
• Work with engineering teams to help reproduce findings and verify remediation.
• Application Security Support
• Review application architecture, authentication workflows, and access controls for potential weaknesses.
• Participate in secure code review sessions (basic static analysis exposure is acceptable).
• Contribute to threat modeling activities under guidance.
• Documentation & Reporting

Prepare detailed reports summarizing findings, risk levels, and remediation recommendations

Required Qualifications (Junior/Senior Level)

• Currently in a Master's degree in Cybersecurity, Computer Science, Information Technology, or related field.
• Foundational understanding of:
• Web technologies (HTTP/S, APIs, HTML, JavaScript, databases)
• Languages: Java, C#
• Frameworks: dotNet, J2EE
• Network fundamentals (TCP/IP, routing, ports, protocols)
• Common application vulnerabilities (OWASP Top 10)
• Familiarity with at least one penetration testing or security tool:
• Burp Suite, Nessus, Metasploit, Wireshark, etc.
• Basic scripting or programming experience (Python, JavaScript, Bash, PowerShell, or similar).
• Strong analytical, problem‑solving, and communication skills.
• Ability to handle sensitive information responsibly and maintain confidentiality.

Preferred Qualifications (Nice‑to‑Have)

• Previous coursework or personal projects in security, digital forensics, reverse engineering, or malware analysis.
• Hands‑on experience in a lab environment
• Exposure to secure development practices or code review.
• Experience with cloud environments (AWS, Azure,GCP) or containerized applications (Docker/Kubernetes).
• Industry Security Certifications are a plus

Soft Skills

• Curiosity and passion for cybersecurity.
• Willingness to learn and take initiative.
• Ability to work both independently and collaboratively.
• Strong attention to detail and thoroughness.

What the Intern Will Gain

• Real‑world experience in offensive security and secure software development.
• Mentorship from Application Security and Engineering teams.
• Practical exposure to enterprise security tools and environments.
• Opportunity to contribute meaningfully to real‑world penetration testing engagements.

Compensation:

Hourly pay range of $23 - $25 USD.

eClinicalWorks is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills, and experiences that bring us together and help create a healthy world.