Welcome to the Agentic Commerce Era

At Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market. We believe in harnessing AI responsibly to unlock new possibilities, and we’re looking for individuals who use it intentionally to solve problems, accelerate outcomes, and expand what’s possible in their role. Our purpose is to help businesses confidently solve complex commerce challenges so they can build smarter, adapt faster, and grow on their own terms. If you want to be part of a team of bold builders, sharp thinkers, and technical trailblazers who shape the future of commerce, this is the place for you.

Commerce is seeking an Application Security Intern to join the Cybersecurity team for an eight-week summer internship. This role is designed for a student or early-career candidate interested in application security, secure software development, vulnerability management, and how security teams partner with engineering in a modern SaaS environment.

As an Application Security Intern, you will work under the guidance of experienced Application Security engineers to learn how BigCommerce identifies, evaluates, and helps remediate security risks across our products and platforms. You will contribute to practical tooling, documentation, and process improvements that help the team scale its AppSec program while gaining exposure to real-world bug hunting, security review, and incident response workflows.

This is a hybrid role based in Austin, TX. We require 3 days a week in office and are looking for local candidates only.

What You’ll Do:

• Learn the structure, goals, and day-to-day operating model of the BigCommerce Application Security program.

• Support improvements to AppSec tooling, reporting, documentation, and team processes.

• Assist with organizing or refining vulnerability management workflows, intake processes, dashboards, or knowledge base materials.

• Shadow AppSec engineers during security reviews, bug hunting, triage, and remediation discussions.

• Participate in guided hands-on security activities such as testing, reproducing findings, researching vulnerabilities, or validating fixes.

• Observe how the team partners with engineering, product, infrastructure, and incident response teams.

• Contribute to a small intern project that improves the AppSec team’s ability to measure, communicate, or scale its work.

• Present a short summary of learnings, recommendations, and completed work at the end of the internship.

What We’re Looking For:

• Current student or early-career candidate pursuing cybersecurity, computer science, software engineering, information systems, or a related field.

• Interest in application security, ethical hacking, secure coding, vulnerability research, or software development.

• Familiarity with basic web application concepts, APIs, Git, scripting, or common security topics such as OWASP Top 10.

• Curiosity, good judgment, and willingness to ask questions.

• Strong written communication skills and ability to document findings clearly.

• Ability to work with a team, follow guidance, and handle sensitive information responsibly.

Nice to Have:

• Coursework, labs, CTF participation, personal projects, or prior internship experience related to cybersecurity or software development.

• Exposure to tools or concepts such as SAST, DAST, SCA, threat modeling, vulnerability management, or cloud security.

• Basic scripting experience in Python, JavaScript, Bash, or a similar language.

What You’ll Gain:

• Practical exposure to how an application security program operates inside a SaaS company.

• Experience with real AppSec tooling, workflows, and vulnerability management practices.

• Mentorship from security engineers and exposure to engineering partnership models.

• A clearer understanding of potential career paths in application security, product security, and cybersecurity.

#LI-TK1

#LI-HYBRID

(Pay Transparency Range: $25.00/Hr.-$35.00/Hr.)

Compensation Transparency

The national base salary range for this role is posted above in this job post.

Final compensation will be determined based on factors such as relevant experience, skills, qualifications and geographic location. We also consider internal equity to help ensure fair and consistent pay practices across our teams.

Where applicable, this role may also be eligible for variable compensation (such as bonus or commission), equity, and benefits in accordance with local policies. Details will be shared during the hiring process. We are committed to equitable and transparent pay practices that align to market data, internal equity, and individual contribution.

Inclusion and Belonging

At Commerce, we believe that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow and thrive.

We are committed to creating an inclusive and accessible hiring experience for all candidates. If you require accommodations or adjustments at any stage of the recruitment process, please let us know and we will work with you to meet your needs.

Learn more about the Commerce team, culture and benefits at https://www.commerce.com/careers/

Protect Yourself Against Hiring Scams: Our Corporate Disclaimer 

Commerce, along with many other employers, has become the subject of fraudulent job offers to hopeful prospective job seekers.

Be advised:
Commerce does not offer jobs to individuals who do not go through our formal hiring process.

Commerce will never:

• require payment of recruitment fees from candidates;

• request personally identifiable information through unsanctioned websites or applications;

• attempt to solicit money from you as part of the hiring process or as part of an employment offer;

• solicit money to complete visa requirements as part of a job offer.

If you receive unsolicited offers of employment from Commerce, we urge you to be extremely cautious and avoid engaging or responding.