Project Title: Development of Scanning Solutions for Mobile Apps
This project aims to explore, design and prototype components of a static analysis capability tailored for mobile applications. The focus is to identify common security weaknesses found in Android and iOS apps and assess how automated checks can be integrated into broader mobile-app security workflows. The work will support CSA’s ongoing efforts to build developer-centric security tools and strengthen mobile-app security baselines.
Cyber Security Agency of Singapore
Intern - Cybersecurity Engineering Centre
Internship
Closing on 28 Dec 2025What the role is
What you will be working on
The intern will support the team in developing and validating a proof-of-concept SAST solution. This includes:
• Investigating existing static analysis techniques, tools and open-source frameworks suitable for mobile codebases.
• Analysing common mobile-app vulnerability patterns (e.g. insecure data storage, improper certificate handling, excessive permissions, weak cryptographic practices).
• Designing rule-sets or heuristics that can detect selected issues reliably with low false positives.
• Assisting in building parsing or scanning modules, integrating third-party libraries where appropriate.
• Running experiments on sample apps and documenting findings to inform tool refinement.
• Preparing technical documentation and presenting project outcomes to internal stakeholders.
The intern will work closely with the mobile security team, gaining practical experience in secure-app development, security tooling, and mobile-app threat analysis.
What we are looking for
• Interns available to start in January 2026, minimum commitment of 6 months.
• Strong interest in cybersecurity or mobile application development.
• Basic programming skills in Python, Java, Kotlin or Swift.
• Understanding of mobile-app architecture and common security concepts.
• Ability to work independently, document findings clearly and iterate based on feedback.
• Good-to-Have:
o Prior experience with mobile development (Android Studio, Xcode) or exposure to mobile-app reverse engineering.
o Familiarity with security testing concepts such as SAST, DAST or code-quality analysis.
o Understanding of static analysis frameworks such as Semgrep, MobSF, CodeQL or similar tools.
o Experience with Git, CI pipelines, or basic automation scripts
About your application process
This job is closing on 28 Dec 2025.
If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and apply for other roles within Cyber Security Agency of Singapore or the wider Public Service.
About Cyber Security Agency of Singapore
About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg
Learn more about Cyber Security Agency of Singapore