About Firebolt

Firebolt is the Cloud Data Warehouse designed to handle the speed, scale, and flexibility of AI applications. By delivering ultra-low latency, high concurrency, multi-dimensional elasticity, and flexibility, Firebolt empowers organizations to build data-intensive AI applications that perform at scale. With over $270m in funding to date, a strong engineering team and highly experienced leadership, Firebolt is well positioned to revolutionize the AI data infrastructure space and help businesses unlock the full potential of their data.

About the role

As a Security Engineer Intern, you will have the opportunity to make a meaningful impact on Firebolt’s software security posture, by improving how we detect and address security vulnerabilities during development. Your work will contribute to catching insecure code earlier and more accurately, reducing false positives, and increasing adoption of static analysis among engineers. Additionally, your efforts will help optimize security tool investments by leveraging open-source technologies. 

You will work closely with our Security Researcher, who will provide dedicated mentorship and guidance throughout your internship, ensuring you gain valuable hands-on experience whilst maximizing your impact.

About the day to day

• Evaluate various open source SAST tools (e.g. Semgrep, Cppcheck, clang-analyzer) against our complex codebases
• Write taint analysis rules to detect and reduce injection attack surfaces 
• Benchmark them against each other (false positives, coverage, etc.)
• Help replace existing SAST framework with the highest scorer
• Develop internal tooling to scan 3rd party C++ libraries for vulnerabilities

• Passion for building secure software and tackling complex security challenges.
• Ability to thrive in a fast-paced startup environment and manage multiple priorities.
• Strong programming skills in at least two of the following languages: Python, C/C++, Golang.
• Experience with Git and writing complex CI/CD workflows.
• Hands-on experience with software development on cloud platforms (AWS, Azure).
• Strong foundational knowledge of securing low-level code, including issues such as: Illegal/null pointer dereferencing, Divide-by-zero errors, Use of uninitialized values, Out-of-bounds memory access

A bonus if you have

• Familiarity with compiler internals (Clang/LLVM preferred), and build frameworks like CMake/Ninja.
• Experience debugging with gdb/lldb and working with assembly language (x86-64 preferred).
• Experience with container technologies like Docker/Kubernetes.