Intern

You'll be redirected to
the company's application page
Position Summary:
Spectral AI, Inc. (Spectral) is seeking a Cybersecurity Engineering Intern to join our growing design and development team. The position is based in Dallas, Texas, with hybrid work flexibility in accordance with the Spectral Employee Handbook guidelines. Working under the guidance and mentorship of senior cybersecurity and software engineers, the intern will gain hands-on experience supporting the design, development, and maintenance of secure medical device software systems, helping ensure that cybersecurity controls are resilient and aligned with FDA regulations, international standards (e.g., ANSI/AAMI SW 96:2003, IEC 62304, IEC 81001, ISO 14971, ISO 27001), and organizational security policies.
Essential Duties and Responsibilities:
Cybersecurity Risk Management
- Assist with cybersecurity risk assessments for medical device systems using structured methodologies (Threat Modeling, STRIDE, DREAD, Attack Trees, SBOM analysis) under the supervision of senior engineers.
- Help document risk evaluations aligned with AAMI TIR57, AAMI TIR97, FDA Premarket Cybersecurity Guidance, and ISO 14971.
- Observe and participate in Coordinated Vulnerability Disclosure (CVD) processes, learning how vulnerabilities are responsibly reported, remediated, and communicated in alignment with industry best practices.
- Help maintain and update cybersecurity documentation and supporting artifacts, including:
- Security risk assessment
- Security risk management reports
- Threat models
Secure Software Development (IEC 81001 and IEC 62304)
- Learn and apply secure coding practices alongside software engineers, and participate in structured code review processes.
- Help verify implementation of security requirements, encryption standards, authentication and authorization controls, and security-relevant logging.
- Assist in evaluating SOUP/OTS components for vulnerabilities, maintenance status, and compliance with FDA software bill of material (SBOM) requirements.
- Support the creation and ongoing maintenance of SBOM (e.g. CycloneDX, SPDX) using automated tools such as HELM and Dependency-Check.
Vulnerability and Patch Management
- Assist with vulnerability scanning across firmware, software, cloud services, Linux-based, and Windows-based cart devices.
- Help triage and validate Common Vulnerabilities and Exposures (CVEs) relevant to device components, run-time environments, and third-party libraries, with guidance.
- Help prepare vulnerability mitigation notes and support development teams during remediation.
- Help track findings, analyze root causes, and support remediation verification.
Incident Response and Monitoring
- Assist in establishing cybersecurity monitoring processes for fielded devices and cloud environments.
- Support investigation of security anomalies and incidents, assist with log analysis, and support corrective/preventive actions (CAPA).
Qualifications:
Required education and experience:
- Currently enrolled in, or recently completed, a Bachelor’s or Master’s degree program in Computer Science, Cybersecurity, Electrical/Computer Engineering, or a related field.
- Coursework, academic projects, or prior internship exposure related to cybersecurity, software development, or networking; familiarity with regulated or safety-critical systems is a plus but not required.
- Strong written communication skills, with an interest in producing clear, well-structured technical documentation for software cybersecurity.
Knowledge, Skills and Abilities (familiarity with or interest in learning the following):
- FDA Premarket Cybersecurity Guidance
- IEC 62304 Software Lifecycle
- AAMI TIR57 / TIR97
- OWASP Top 10, CWE, and secure coding principles
- Foundational understanding of, or interest in learning, common cybersecurity vulnerabilities and FDA reporting requirements
- Familiarity with Windows and Linux operating systems; exposure to cloud platforms (AWS/Azure) and secure configuration is a plus.
Preferred Qualifications
- Coursework or project exposure to regulated software or FDA medical device documentation.
- Hands-on experience with Windows, Linux, or embedded operating systems through coursework or personal projects.
- Exposure to cloud platforms, APIs, or networking concepts (e.g., AWS, secure APIs, VPN connections).
- Progress toward or completion of an entry-level security certification (e.g., Security+, CySA+) is a plus.
Soft Skills
- Excellent written and verbal communication skills in English.
- Detail-oriented, strong analytical and problem-solving skills.
- Willingness to learn how to prepare quality cybersecurity documentation suitable for regulatory review.
- Ability to collaborate across functional teams such as engineering, QA/RA, hardware, and clinical teams.
Physical Requirements:
- Prolonged periods of sitting at a desk and working on a computer.
Travel:
Minimal travel expected. This is primarily a hybrid internship based in Dallas, Texas.
Equal Employment Opportunity:
Spectral AI, Inc. is an equal opportunity and affirmative action employer. All applicants will be considered for employment without regard to race, color, ancestry, national origin, sex, gender, sexual orientation, marital status, religion, age, disability, gender identity, results of genetic testing, protected veteran status, or any other characteristic protected by applicable federal, state, or local laws.Prep Tools
ACE YOUR INTERVIEW IN REAL-TIME
Silent AI Co-Pilot
Real-time interview help
"Why Spectral MD Inc?"
💡 Mention their Biotechnology Research and your passion for Cybersecurity Risk Management
PROFESSIONAL COVER LETTER TEMPLATES
Template Library
Intern templates
50+ templates for every role
YOUR RESUME KNOWS THE QUESTIONS
AI Question Predictor
Based on Intern role