Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract.
As a company, we constantly challenge what’s possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations.
Role Summary
This internship offers a unique opportunity to gain hands-on experience in real-world penetration testing. As a Cybersecurity Pentester Intern, you will work alongside experienced penetration testers, contributing to engagements against modern technology stacks, internal infrastructure, networks, and web/mobile applications. This role is ideal for individuals eager to learn and develop their ethical hacking skills in a fast-paced environment. An added benefit to this opportunity is the ability to work closely with experts from related domains, such as Application Security, Cloud Security and Vulnerability Management, while directly testing our cybersecurity defenses.
Responsibilities
Assist in performing manual and automated penetration tests on web applications, APIs (REST and GraphQL), and internal networks.
Participate in the identification, exploitation, and manual validation of security vulnerabilities across the company's tech stack.
Contribute to the documentation of penetration testing findings, helping write clear and actionable reports detailing exploitation steps and remediation guidance.
Support the team in researching emerging threats, zero-day vulnerabilities, and developing custom testing payloads or scripts.
Assist in internal tooling and automation development to streamline penetration testing workflows and increase testing efficiency.
Assist in parallel penetration testing engagements and targeted security assessments.
Research and stay up-to-date on the latest penetration testing tools and methodologies.
Assist in supporting the validation and triage of Bug Bounty submissions.
Qualifications
Currently pursuing a degree in Computer Science, Cybersecurity, Information Technology, or a related field.
Basic knowledge and understanding of penetration testing methodologies (e.g., OWASP Top 10, PTES).
Familiarity with standard penetration testing tools (e.g., Burp Suite, OWASP ZAP).
Foundational understanding of networking concepts (TCP/IP, DNS, routing) and web application architecture.
Strong analytical and problem-solving skills, coupled with a natural "hacker" mindset.
Excellent communication skills, with the ability to clearly articulate technical risks to both technical and non-technical audiences.
Willingness to break stuff so you could learn the principle of how something works.
Desired Skills/Qualifications (Nice to Haves):
Hands-on experience with scripting languages commonly used in pentesting (e.g., Python, Bash).
Active participation in bug bounty programs, CTFs (Capture The Flag), or training platforms like HackTheBox, TryHackMe, or VulnHub.
Familiarity with cloud technologies (AWS, GCP, Azure) and containerization platforms (Docker/Kubernetes).
Basic understanding of mobile application testing (iOS/Android) or reverse engineering.
Any foundational penetration testing certifications or related coursework (e.g., eJPT, PNPT, or coursework leading towards OSCP).
Learning Opportunities:
Gain practical experience conducting penetration tests in a modern, complex enterprise environment.
Learn advanced ethical hacking techniques, payload crafting, and exploitation strategies from experienced penetration testers.
Develop skills in chaining multiple low-level vulnerabilities together to demonstrate maximum business impact.
Gain exposure to cutting-edge technology stacks, modern web frameworks, and API testing methodologies.
Enhance your ability to write professional penetration testing reports and communicate security risks effectively to stakeholders.
Pay Disclosure
We offer a competitive compensation package, with details to be discussed during the interview process.
Equal Opportunity
Rivian is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender, gender expression, gender identity, genetic information or characteristics, physical or mental disability, marital/domestic partner status, age, military/veteran status, medical condition, or any other characteristic protected by law.
Rivian is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at candidateaccommodations@rivian.com.
Candidate Data Privacy
Rivian may collect, use and disclose your personal information or personal data (within the meaning of the applicable data protection laws) when you apply for employment and/or participate in our recruitment processes (“Candidate Personal Data”). This data includes contact, demographic, communications, educational, professional, employment, social media/website, network/device, recruiting system usage/interaction, security and preference information. Rivian may use your Candidate Personal Data for the purposes of (i) tracking interactions with our recruiting system; (ii) carrying out, analyzing and improving our application and recruitment process, including assessing you and your application and conducting employment, background and reference checks; (iii) establishing an employment relationship or entering into an employment contract with you; (iv) complying with our legal, regulatory and corporate governance obligations; (v) recordkeeping; (vi) ensuring network and information security and preventing fraud; and (vii) as otherwise required or permitted by applicable law.
Rivian may share your Candidate Personal Data with (i) internal personnel who have a need to know such information in order to perform their duties, including individuals on our People Team, Finance, Legal, and the team(s) with the position(s) for which you are applying; (ii) Rivian affiliates; and (iii) Rivian’s service providers, including providers of background checks, staffing services, and cloud services.
Rivian may transfer or store internationally your Candidate Personal Data, including to or in the United States, Canada, the United Kingdom, and the European Union and in the cloud, and this data may be subject to the laws and accessible to the courts, law enforcement and national security authorities of such jurisdictions.
Please note that we are currently not accepting applications from third party application services.