About Fam (previously FamPay)
Fam is India's first payments app for everyone above 11. FamApp helps make online and offline payments through UPI and FamCard. We are on a mission to raise a new, financially aware generation and to get India's 250 million+ youngest users to kickstart their financial journey early in life.
Founded in 2019 by IIT Roorkee alumni, Fam is backed by some of the most respected investors around the world, including Elevation Capital, Y Combinator, Peak XV (Sequoia Capital) India, Venture Highway and Global Founders Capital, with the likes of Kunal Shah and Amrish Rao as angel investors.
About the Role
We are looking for a Security Enthusiast who thinks like a hacker but works for the good guys. You shouldn't just find bugs; you should be obsessed with understanding why they exist and how to fix them for good.
As an Application Security Engineer Intern, you will be the first line of defense for the Fam. You will break things before the bad guys do, automate security checks, and work side-by-side with our engineering team to build a fortress around our users' hard-earned money.
If you get a rush from finding an RCE, live on r/netsec, or spend your weekends capturing flags or bounties, this role is for you.
Note: This is an onsite internship at Fam HQ, Bangalore.
Curious to know about FamPay's tech stack? Click here to know what makes and keeps Fam running!
On the Job
Break the App: Perform vulnerability assessments and penetration testing (VAPT) on our Web Applications, Android/iOS Apps, and APIs.
Automate Defense: Help integrate security tools (SAST/DAST) into our CI/CD pipelines. We believe security should move as fast as our code.
Code Review: Review source code for security flaws (like SQLi, XSS, IDOR) and help developers write secure code from day one.
Bug Triage: Analyze incoming bug reports from our Bug Bounty programs, validate them, and prioritize fixes.
Threat Modeling: Work with product and engineering teams during the design phase to identify potential security risks before a single line of code is written.
Learn & Evolve: Stay updated with the latest CVEs, zero-days, and security trends.
Who you are
The Hacker Mindset: You have a deep understanding of the OWASP Top 10 (Web & Mobile) and know how to exploit and patch them.
Tool Wizardry: Hands-on experience with tools like Burp Suite, Metasploit, Nmap, Postman, or similar open-source security tools.
Coding Chops: You can read code (Python, Go, Java, or JavaScript) and write scripts to automate attacks or defenses.
Curiosity: You are a student of the game. You actively participate in CTFs, Bug Bounties, or have a rank on platforms like HackTheBox/TryHackMe.
Communication: You can explain a complex vulnerability to a developer without sounding like a robot.
Bonus Points
Experience with Cloud Security (AWS/GCP).
A Hall of Fame mention in any major tech company's Bug Bounty program.
Open source security contributions.
Why Join Us?
Impact: You’ll be protecting the financial data of millions of teenagers. The bugs you find and fix will have a direct, real-world impact.
Mentorship: Work directly with founding members and senior engineers who have built systems at scale.
Perks: Competitive stipend, certificate and letter of recommendation, friendly leave policy, and cool Fam merchandise!
Ready to be part of the Fam? Apply Now!