AI-Based Code Security Review Internship (6 months full time)

Location: Praha, CzechiaThales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.Thales in the Czech Republic employs over 400 people from 45 different nationalities. A total of 15 teams work on projects for government agencies, banking, mobile services and the Internet Of Things (IoT) technology. At the core of our business is the development of software which we configure and embed in a multitude of different devices and form factors. These include many kinds of payment cards, SIM cards, travel passes, secure eBanking devices, authentication tokens, machine identification modules (MIM), and secure ID documents including ePassports, eID and eHealth cards, as well as eDriving licenses. Because of the international environment surrounding us every day, it comes as no surprise that English is our official corporate language.

We are looking for a hands-on AI enthusiast with knowledge or at least interest in software security. The goal of this internship is to get up to speed on the following topics and activities within Thales Cyber and Digital and take them even further: AI-powered security assurance over new code 

• What is the best way to prompt for a secure code?
•  - Utilization of AI for code reviews and peer reviews - can AI efficiently and reliably do this?
•  - AI-powered security assurance over existing code
• What is the best way to prompt for a security code review or assessment?
•  - Can AI efficiently and reliably identify weaknesses in existing code base?
•  - Can AI efficiently and reliably audit existing code base against a set of defined rules?

Can usage of AI make current security tools in use more efficient or improve their performance?

What is the best way to define rules for AI-powered code audits?

The above should reflect Thales internal policies and requirements as well as relevant industry standards and best practices. The outcomes should be well document set of best practices, approaches and enablers directly usable by Thales engineers or security professionals including their limitations. Different LLMs should be assessed and compared on different programming languages. 

• What you will do:
•  - Learn from our experts working on the above topics
•  - Work with AI-powered Integrated Development Environment (IDE)
•  - Interact with internally hosted LLMs via Command Line Interface (CLI)
•  - Create usable knowledge base for AI
•  - Define RAG knowledge sets for chatbots
•  - Interconnect various components with an IDE via Model Context Protocol (MCP)
• Must-have requirements:
•  - Practical knowledge of AI and LLMs (how things work - basics of machine learning, AI agents architecture etc.)
•  - Hands-on experience with AI and different LLMs (e.g. prompt engineering for professional or personal purposes)
•  - General knowledge of software engineering processes and practices
•  - Basic understanding of software security flaws and defenses (e.g. password protection, input validation, CVEs, CWEs)
•  - Ability to read code
• Nice-to-have requirements:
•  - Understanding of Model Context Protocol (MCP)
•  - Software security experience or background
•  - Knowledge of relevant industry security standards and best practices (OWASP, NIST, CIS...)
•  - Coding experience in at least one of the following: Java, C, .NET, JavaScript

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!