Upstox – App Security Intern

Job Description

Upstox is seeking a passionate and security-focused App Security Intern to join its Security Engineering team in Bangalore. This internship offers a unique opportunity to work at one of India's fastest-growing fintech companies, where security plays a critical role in protecting millions of investors and traders. As an Application Security Intern, you will gain hands-on experience identifying, analyzing, and mitigating security vulnerabilities across web applications, mobile platforms, APIs, cloud environments, and modern microservices architectures. Unlike traditional internship programs that focus primarily on observation, this role empowers interns to contribute directly to security initiatives that impact real-world products and services used by millions of customers.

The App Security Intern will collaborate closely with software engineers, product teams, cloud infrastructure specialists, and senior security professionals to integrate security throughout the Software Development Life Cycle (SDLC). Responsibilities will include conducting application security assessments, participating in threat modeling sessions, reviewing architecture designs, and evaluating authentication and authorization mechanisms. Interns will also support the company's bug bounty program by validating security findings, assessing risk levels, and coordinating remediation efforts with engineering teams. This role provides exceptional exposure to practical application security challenges in a fast-paced fintech environment where innovation and security must coexist seamlessly.

Working at Upstox means being part of a modern, cloud-native organization that leverages cutting-edge technologies including AWS, Docker, Kubernetes, CI/CD pipelines, microservices, and emerging AI-powered systems. The internship offers valuable opportunities to build security automation tools, write scripts that improve security operations, and contribute to the development of scalable security solutions. Candidates will gain hands-on experience in offensive security testing, cloud security assessments, DevSecOps practices, and secure software engineering. This internship serves as an excellent foundation for aspiring cybersecurity professionals looking to build careers in application security, cloud security, penetration testing, DevSecOps, security engineering, and fintech cybersecurity.

Roles & Responsibilities

1. Perform comprehensive security assessments of web applications, mobile applications, and APIs to identify vulnerabilities, assess risks, and recommend appropriate remediation measures.
2. Participate in application architecture reviews and threat modeling exercises to identify potential security weaknesses during the design and development phases.
3. Conduct vulnerability validation and triage activities for bug bounty submissions by assessing impact, reproducing findings, and coordinating remediation efforts.
4. Develop and maintain automation scripts using Python or Golang to improve security testing processes and reduce manual effort across security operations.
5. Assist in integrating security controls and automated testing capabilities into CI/CD pipelines to strengthen secure software delivery practices.
6. Review AWS cloud infrastructure configurations to identify common security misconfigurations, access control weaknesses, and compliance-related concerns.
7. Evaluate the security posture of microservices-based applications and containerized environments running on Docker and Kubernetes platforms.
8. Collaborate with development teams to review and strengthen authentication and authorization implementations using OAuth 2.0, SAML, and OpenID Connect (OIDC).
9. Research emerging cybersecurity threats, attack techniques, and AI-related security risks to help improve organizational security preparedness.
10. Contribute to the development of internal security tools, dashboards, and utilities that enhance the efficiency and scalability of security operations.
11. Create technical documentation, security guidelines, and knowledge-sharing resources that help improve awareness across engineering teams.
12. Support ongoing security initiatives by monitoring vulnerabilities, tracking remediation progress, and promoting secure coding best practices.

Requirements & Eligibility

1. Currently pursuing or recently completing a Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, Software Engineering, or a related discipline, with graduation expected in 2026.
2. Strong understanding of application security fundamentals, including common web, mobile, and API vulnerabilities covered under OWASP Top 10 standards.
3. Hands-on experience performing security testing, vulnerability assessments, or penetration testing across web applications, mobile platforms, and APIs.
4. Knowledge of authentication and authorization technologies such as OAuth 2.0, SAML, OpenID Connect (OIDC), and their associated security risks.
5. Familiarity with AWS cloud services and common cloud security issues including exposed storage resources, misconfigured IAM permissions, and insecure network configurations.
6. Proficiency in Python or Golang programming with the ability to develop automation scripts, security tools, and testing utilities.
7. Basic understanding of CI/CD pipelines, DevSecOps concepts, software development workflows, and secure deployment practices.
8. Knowledge of containerization technologies such as Docker, Kubernetes, and microservices architecture from a security perspective.
9. Awareness of emerging AI and machine learning security threats including prompt injection attacks, model manipulation, adversarial inputs, and data leakage risks.
10. Excellent analytical, problem-solving, communication, and collaboration skills with the ability to explain vulnerabilities and recommend practical mitigation strategies.
11. Strong self-learning ability, curiosity, and ownership mindset with a passion for cybersecurity, secure software development, and emerging technologies.
12. Certifications such as OSCP, CEH, GWAPT, eJPT, Security+, or relevant cybersecurity achievements will be considered an added advantage.

Expected Salary

The expected stipend for an App Security Intern at Upstox generally ranges between ₹25,000 and ₹60,000 per month, depending on academic background, cybersecurity expertise, internship experience, and technical assessment performance. Candidates with hands-on experience in penetration testing, application security, cloud security, or bug bounty programs may receive compensation at the higher end of the range. In addition to the stipend, interns gain valuable exposure to enterprise-grade security engineering practices, mentorship opportunities, and real-world fintech security challenges.

🚨 Stop Scrolling – This Could Be Your Shortcut to Interviews

Most candidates apply to 100+ jobs and never hear back.
The real reason? They don’t know where recruiters are actually hiring from.

Our April Hiring PDF includes verified HR emails and hiring details from companies like:

Dentsu, IBM, HCL, PwC, LTIMindtree, Wipro, Cognizant, Deloitte, Capgemini, Amazon, TCS, Infosys, EPAM, EY, NTT Data, Tech Mahindra, Fractal, GlobalLogic, Coforge, UST and many more.

Inside you’ll find:
✔ 300+ Fresher Job Opportunities
✔ 2500+ Verified HR Emails & Contacts
✔ Direct Hiring + Consultancy Openings
✔ IT & Non-IT Roles

🔥 60+ students placed recently using these hiring leads

👉 Grab the April Hiring List Now: April Hiring PDF