Job Description

What the role is:
Project Title: Development of Scanning Solutions for Mobile Apps This project aims to explore, design and prototype components of a static analysis capability tailored for mobile applications. The focus is to identify common security weaknesses found in Android and iOS apps and assess how automated checks can be integrated into broader mobile-app security workflows. The work will support CSA's ongoing efforts to build developer-centric security tools and strengthen mobile-app security baselines.
What you will be working on:
The intern will support the team in developing and validating a proof-of-concept SAST solution. This includes: o Investigating existing static analysis techniques, tools and open-source frameworks suitable for mobile codebases. o Analysing common mobile-app vulnerability patterns (e.g. insecure data storage, improper certificate handling, excessive permissions, weak cryptographic practices). o Designing rule-sets or heuristics that can detect selected issues reliably with low false positives. o Assisting in building parsing or scanning modules, integrating third-party libraries where appropriate. o Running experiments on sample apps and documenting findings to inform tool refinement. o Preparing technical documentation and presenting project outcomes to internal stakeholders. The intern will work closely with the mobile security team, gaining practical experience in secure-app development, security tooling, and mobile-app threat analysis.
What we are looking for:

• Interns available to start in January 2026, minimum commitment of 6 months. o Strong interest in cybersecurity or mobile application development. o Basic programming skills in Python, Java, Kotlin or Swift. o Understanding of mobile-app architecture and common security concepts. o Ability to work independently, document findings clearly and iterate based on feedback. o Good-to-Have: o Prior experience with mobile development (Android Studio, Xcode) or exposure to mobile-app reverse engineering. o Familiarity with security testing concepts such as SAST, DAST or code-quality analysis. o Understanding of static analysis frameworks such as Semgrep, MobSF, CodeQL or similar tools. o Experience with Git, CI pipelines, or basic automation scripts

About Cyber Security Agency of Singapore:
About the Cyber Security Agency of Singapore Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore's cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore's Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister's Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg

Skills Required