We're hiring
Security Engineering Intern
Ship code in your first week. Learn security by doing it on real engagements.
About VRG
VRG is a technology consultancy that builds and secures software for clients across legal, enterprise SaaS, and professional services. We deliver AI-powered security assessments, custom web applications, and intelligent automation. Our clients include law firms, enterprise platforms, and event companies across Asia and beyond.
The Internship
This is a paid internship for current students or recent graduates in Computer Science, Mathematics, Physics, or other hard sciences. We care about how you think and what you can build, not how many years of experience you have.
This is an AI-first team. Every engineer here uses AI coding tools daily — Claude Code, Cursor, Copilot — as core parts of their workflow. You'll be expected to learn fast with these tools, not in spite of them. If you're the kind of person who's already tinkering with LLMs, building side projects with AI assistance, or just deeply curious about how these systems work, you'll fit right in.
What You'll Work On
You'll rotate across real client work and internal projects, paired with a senior engineer. Expect a mix of security-focused tasks and full stack development:
- ▸Assist with web application security assessments — learning to identify vulnerabilities like XSS, IDOR, SSRF, auth bypass, and API misconfigurations
- ▸Write and review code across the stack (React, TypeScript, Node.js, Python) — we'll meet you where you are
- ▸Help build and improve AI-augmented internal tools for security audit workflows
- ▸Learn to use professional security tooling: Burp Suite, OWASP ZAP, Semgrep
- ▸Write up findings in clear, structured reports that clients can act on
- ▸Get hands-on with cloud infrastructure: AWS, Docker, CI/CD pipelines
This isn't a “fetch coffee and watch” internship. You'll ship code in your first week.
Who We're Looking For
Requirements
- ▸Currently pursuing or recently completed a degree in Computer Science, Mathematics, Physics, Engineering, or a related hard science
- ▸Comfortable writing code in at least one language (Python, JavaScript/TypeScript, or similar)
- ▸Genuinely curious about security — you don't need to be an expert yet, but you should know what OWASP is and have a view on why security matters
- ▸Demonstrated interest in AI tools and workflows — show us a side project, a script, a repo, anything where you used AI to build something
- ▸Clear communicator who can explain technical concepts in writing
- ▸Able to work independently in an async, remote environment
Big Pluses
- ▸Thai language ability — several of our clients operate in Thailand, and being able to communicate in Thai for client calls, documentation, or navigating Thai-language systems is genuinely valuable
- ▸Experience with CTF competitions, bug bounty platforms, or personal security research
- ▸Contributions to open-source projects or a visible portfolio of side projects
We welcome candidates from non-traditional backgrounds. If you studied physics but taught yourself to code, or you're a maths major who got obsessed with CTF competitions, we want to hear from you. Structured thinking and raw curiosity transfer well into security work.
What We Offer
Paid internship
Competitive compensation for the region. This is real work and we pay for it.
Real project work from day one
Direct mentorship from senior engineers on live client engagements — not busywork.
Professional exposure
Learn security audit methodology and AI-augmented development workflows used on real assessments.
Path to full-time
Strong performers will be offered a permanent role. We hire from our internship pipeline first.
Interview Process
Quick and straightforward. We respect your time:
- 1
Intro call(30 min)
Tell us what you're interested in. Walk us through something you've built.
- 2
Short technical task(async)
A small, realistic exercise. Use whatever tools you want, including AI.
- 3
Offer
We move fast when we find the right person.
How to Apply
Send an email to careers@vrg.asia with the subject line “Security Intern — [Your Name]” and include:
- ▸Your CV or LinkedIn profile
- ▸A short note (a few sentences is fine) about what interests you about security and/or AI
- ▸A link to anything you've built — GitHub, a side project, a write-up, a CTF profile, whatever shows how you think
No cover letter needed. We respond to every applicant.
VRG is an equal opportunity employer. We evaluate candidates on ability and output, not pedigree. If you can build it and break it, we want to talk to you.