Build a security assessment tool


The internship will preferably take place in our French offices; remote work is possible if imposed by regulation. Compensation according to regulation.


At DecisionBrain, we develop and provide a software platform called DB Gene. This software platform is used internally to build software solutions for our customers, or is used directly by our customers when they want to build their own applications. The platform is a guide and a foundation for the software built on top of it. So at DecisionBrain we need to monitor the software quality of the platform from a security point of view to ensure we do not introduce vulnerabilities in our customer’s applications. We already have various tools that search for vulnerabilities at the different stages of the production of the platform. These tools generate some reports in various formats. These reports have to be consolidated regularly in an assessment of the remaining vulnerabilities of the platform. The assessment is currently a human analysis of each remaining vulnerability.

What you will do

The objective of this internship is to build a tool to gather all the reports in a unified format and conduct a set of automatic analyses that will help the analyst to assess the vulnerabilities.
The tool needs to be extensible and able to easily handle new reports formats or new automatic analyses.

What you will learn

During the internship, you will learn the security process we have put in place and an overview of each of the tools used to scan vulnerabilities.

The global architecture (Kubernetes deployments) and the design of the code for the extensible system will be explained and discussed.
You will learn how to rapidly setup a web application with Spring Boot.
You will have the opportunity to learn and understand the concepts behind vulnerability assessment.
You will have regular code reviews.

Skills Required

On the technical side, the following skills will be required. You are not expected to fully master all of them, but you should be proficient enough in at least part of them, so that acquiring the other skills is doable.

  • Typescript / Angular development (a very small interface will be done in Angular).
  • Knowledge of REST API principles, and of exchange formats such as XML and JSON.
  • Java development (the back-end will be developed in Java).
Beyond technical skills, the candidate is expected to be autonomous and able to collaborate efficiently with other team members. Reasonable levels in spoken French and written English are mandatory.