Product Security Engineer - 6-month internship
Fortinet
Job details
Internship: PSIRT Security Tooling & Protocol Fuzzing (6 months)
Overview
Join our Product Security Incident Response Team (PSIRT) to enhance our automated vulnerability discovery capabilities. This project focuses on expanding our Dynamic Application Security Testing (DAST) toolkit by integrating a high-performance TCP/UDP fuzzer.
Fuzzing is a cornerstone of modern security research, used to uncover critical flaws—such as memory corruption, logic errors, and code injection—by injecting malformed data into network protocols. Your work will directly impact the security of Fortinet products by identifying vulnerabilities before they can be exploited in the wild.
Objectives & Responsibilities
As a Product Security Engineer Intern, you will bridge the gap between software development and offensive security research. Your journey will include:
- Conduct a deep-dive analysis of existing local and network-based fuzzing solutions.
- Architect and implement a fuzzer tailored to Fortinet’s protocols and standard network protocols. This involves:
  - Generation & Mutation: Creating packet generation logic based on product-specific protocol specifications.
  - Instrumentation: Developing mechanisms to monitor target products for crashes, hangs, or unintended behaviors.
- Vulnerability Discovery: Deploy your tool against live products to detect regressions of known flaws and discover "zero-day" vulnerabilities.
- Integration: Ensure the tool is modular and ready to be integrated into our continuous DAST pipeline.