End of Studies Internship - Cybersecurity Engineer Intern - IS&IT

<p><strong>About Us</strong></p><p>At Medius, we believe managing finance should be about strategy, not stress. That same mindset shapes not only the solutions we build, but also the culture we create for our people. We remove complexity, embrace innovation, and give our teams the freedom to focus on what truly matters — whether that’s transforming the future of finance with AI or finding balance to go home on time.</p><p>Founded in Sweden in 2001, Medius has grown from a local startup into a global leader in cloud-based spend management solutions. Today, thousands of organizations worldwide trust us to simplify accounts payable and spend management processes. Our journey has been driven by continuous innovation, a passion for technology, and above all — the people who make it happen.</p><p>We’re more than a software company. We’re a team of problem-solvers, innovators and collaborators working together to reinvent the category of accounts payable. Our solutions use Artificial Intelligence to eliminate manual work, bring clarity, confidence, and control, and empower finance teams of the future.</p><p><strong>At Medius, </strong>our values guide how we work and grow together:</p><ul><li><p><strong>Connect</strong> – We believe in the power of people—individually and collectively—and our success depends on understanding and respecting each other. We appreciate that ‘empowering finance teams of the future’ is an exciting endeavor, and we share it with everyone around us.</p></li></ul><ul><li><p><strong>Question</strong> – We enjoy the challenge of our work and the thrill of collaboration. We are not afraid to question ourselves and each other because we believe diverse perspectives can lead to better outcomes and that there is great power in resolution.</p></li></ul><ul><li><p><strong>Own</strong> – We are thorough, thoughtful, and decisive. We anticipate what’s next, what a customer might need, and then we deliver. That’s how we get things done. And that’s how we remain a leader. Customers trust us to do our job so that they can focus on what they do best.</p></li></ul><p>At Medius, you’ll join a diverse, global community where curiosity is celebrated, ideas matter, and innovation never stops. If you’re passionate about technology, eager to make an impact, and ready to grow alongside a team that lives its values, Medius is where you can do your best work — your impact is global.</p><p>Learn more at&nbsp;<a target="_blank" href="http://www.medius.com/">www.medius.com</a></p><p><span><strong>Title</strong></span></p><p><span>AI Securing AI: An Automated Framework for Continuous Penetration Testing of LLM-Based Systems</span></p><p><span><strong>Role Summary</strong></span></p><div><p><strong><em>Context and Problem Statement</em></strong></p></div><div><p>Medius develops enterprise financial automation and spend management solutions that increasingly integrate Artificial Intelligence (AI) and Large Language Models (LLMs) across multiple products and features, including document understanding, intelligent data extraction, decision support, and conversational interfaces. While these technologies provide strong business value, they also introduce new security risks that are not fully addressed by traditional application security testing approaches.</p><p><strong><em>Objectives</em></strong></p><p>The objective of this end-of-study internship is to design and implement an automated framework for continuous penetration testing of LLM-based systems used in Medius products.</p><p><strong><em>Methodology</em></strong></p><p>This end-of-study internship proposes a two-fold approach combining industrial system analysis and implementation with a clear research and methodological component, in line with the academic expectations of engineering schools.</p><p><span><strong>What you’ll do</strong></span></p><ol><li><p><em>First Fold: Analysis and Design of an AI Penetration Testing Framework</em></p></li></ol></div><div><p>The first phase focuses on understanding and structuring AI security testing within the Medius product ecosystem.</p><p>It starts with a comprehensive analysis of Medius products in order to:</p></div><ul><li><p>Identify where and how AI and LLMs are used across Medius solutions</p></li><li><p>Understand AI-related data flows, integrations, and trust boundaries</p></li><li><p>Classify AI use cases according to their security sensitivity, exposure, and business impact</p></li></ul><p>In parallel, the intern will conduct a state of the art study on AI and LLM security, covering:</p><ul><li><p>Threats and vulnerabilities specific to AI-driven systems</p></li><li><p>Existing AI penetration testing and red teaming methodologies</p></li><li><p>Reference frameworks and standards, including:</p><ul><li><p>OWASP Top 10 for Large Language Models</p></li><li><p>MITRE ATLAS (Adversarial Threat Landscape for AI Systems)</p></li><li><p>NIST AI Risk Management Framework (AI RMF)</p></li><li><p>ISO/IEC standards related to AI risk and security</p></li><li><p>Relevant academic research on adversarial prompting, model abuse, and robustness</p></li></ul></li></ul><div><p>Based on both the product analysis and the state of the art, the intern will:</p></div><ul><li><p>Define a threat model tailored to Medius AI use cases</p></li><li><p>Identify and formalize relevant attack scenarios</p></li><li><p>Design a structured AI penetration testing framework, including methodology, test scenarios, and evaluation metrics</p></li></ul><div><p>This phase has a strong analysis and research dimension, and results in a reusable framework adapted to Medius products.</p><p><em>2.Second Fold: Automation and Continuous AI Security Testing</em></p></div><div><p>The second phase focuses on the industrialization and automation of the previously defined framework.</p></div><div><p>The objective is to design and implement an automated and scalable solution capable of:</p></div><ul><li><p>Automatically generating adversarial prompts and malicious AI input scenarios</p></li><li><p>Executing AI penetration tests against LLM-based components integrated in Medius products</p></li><li><p>Analyzing and scoring model responses using predefined security and robustness criteria</p></li><li><p>Enabling continuous and repeatable security testing throughout the AI lifecycle (development, deployment, and updates)</p></li></ul><div><p>A key aspect of this phase is the use of AI techniques to automate AI security testing, allowing continuous assessment rather than one-time evaluations.</p></div><div><p>The automated framework will be validated on representative Medius product use cases, and results will be analyzed to evaluate effectiveness, coverage, limitations, and improvement perspectives.</p><p><strong><em>Results and Contribution</em></strong></p><p>The expected outcome is an industrial-grade framework capable of systematically testing AI components and identifying security weaknesses in LLM-based features.</p><p><strong><em>Perspectives</em></strong></p><p>Integration into DevSecOps and CI/CD pipelines, extension to additional AI models and use cases, continuous AI risk monitoring at scale, enhancement of automated adversarial test generation, and future research on autonomous AI red teaming and secure-by-design AI systems.</p><p><span><strong>Technologies and environment</strong></span></p><p><span>LLM, AI, Penetration testing, Cybersecurity.</span></p><p><strong style="border:0px solid rgb(238, 239, 242);font-weight:600;color:inherit;">Please send your resume in English (resumes in French will be automatically rejected)</strong>.</p></div>