Product Security Intern

About Funding Societies | Modalku: Funding Societies | Modalku is the largest, high-growth SME digital financing and payments platform operating across Southeast Asia. Unified under our core values to Grow Relentlessly and Focus on Impact, we have secured elite backing from visionaries including Sequoia India (Peak XV), SoftBank Vision Fund, Khazanah, and SMBC Bank. We bridge financial access gaps by providing bespoke financing and digital transactional tools to small and medium-sized enterprises, funded seamlessly by individual and institutional investors across Singapore, Indonesia, Thailand, Malaysia, and Vietnam.

Position Overview

We are seeking a highly motivated, curious Product Security Intern to join our internal Application Security engineering team. Moving far beyond traditional administrative internships, this hands-on technical track places you at the absolute forefront of modern DevSecOps, offensive security, and artificial intelligence exploration. Working under direct mentorship from our in-house cybersecurity experts, you will prototype next-generation solutions leveraging Large Language Models (LLMs) to automate threat modeling and vulnerability triage. You will play an active role in researching autonomous penetration testing AI agents, configuring continuous deployment analysis filters, and embedding a robust security culture across our engineering squads.

Key Responsibilities

• GenAI Security Workflows: Research and engineer prototype integrations utilizing advanced generative AI frameworks to automate macro threat modeling, parse incoming bug reports, and draft secure remediation snippets.
• Autonomous Penetration Testing: Assist in building, testing, and running script-driven or agentic AI solutions designed to execute automated offensive security validation within test environments.
• Secure SDLC Integration: Team up with senior security engineers to integrate, calibrate, and tune continuous testing mechanisms including SAST, DAST, Supply Chain Security, and Software Composition Analysis (SCA) inside CI/CD lines.
• Vulnerability Pipeline Management: Audit security analyzer findings, filter out false-positive telemetry, and cooperate directly with core software engineers to patch underlying vulnerabilities.
• Adversarial Vector Research: Track emerging machine learning vulnerability vectors (such as prompt injection patterns or model poisoning) to build safe internal AI usage documentation.

Required Skills & Qualifications

• Solid foundational grasp of core web security principles, authentication protocols, secure cryptography, networking, and the OWASP Top 10 matrix.
• Proficiency writing scripts in at least one software language (preferably **Python, Go, JavaScript, or Bash**) to connect APIs and handle system automations.
• Deep curiosity regarding Large Language Model architectures, with a strong interest in deploying generative models offensively and defensively.
• A clear builder’s mindset, featuring conceptual familiarity with version control via Git and basic cloud continuous integration setups.
• Strong problem-solving and analytical instincts, optimized to breakdown ambiguous software bugs independently.
• Education: Actively pursuing or holding an academic background in Computer Science, Cybersecurity, Information Security, or related engineering systems.
• Location Context: 100% remote-first operational infrastructure flexibility restricted exclusively to qualified applicants permanently operating from Singapore, Malaysia, India, Indonesia, or Thailand.

Preferred Strategic Indicators (Nice to Have)

• Prior experience interacting programmatically with foundational LLM endpoints (such as OpenAI, Gemini, or Anthropic developer APIs).
• Familiarity with cloud-native environment protections, container orchestration components, or automated vulnerability tracking tools.

What You’ll Get Out of It

• Expert Mentorship & Training: Receive direct, hands-on guidance from veteran in-house security practitioners, gaining a holistic overview of enterprise-grade DevSecOps architectures.
• Direct Code Impact: Write production-ready scripts and logic that directly scale how our international security division monitors and guards asset footprints.
• Profound flexible working schedules designed to give back full work-life control and accommodate individual production routines.
• Comprehensive organizational support including company-provided laptops, premium technical tool licensing, and targeted mental wellness coaching networks.