INTERNSHIP DETAILS

Intern

CompanySpectral MD Inc
LocationDallas
Work ModeOn Site
PostedJuly 8, 2026
Internship Information
Core Responsibilities
The intern will support the design and maintenance of secure medical device software systems while ensuring alignment with FDA regulations and international standards. Key tasks include performing risk assessments, managing vulnerabilities, and assisting with secure software development lifecycles.
Internship Type
intern
Company Size
82
Visa Sponsorship
No
Language
English
Working Hours
40 hours
Apply Now →

You'll be redirected to
the company's application page

About The Company
Spectral AI, Inc. is a Dallas-based predictive AI company focused on medical diagnostics for faster and more accurate treatment decisions in wound care, with initial applications involving patients with burns. The Company is working to revolutionize the management of wound care by “Seeing the Unknown®” with its DeepView® System. DeepView® is a predictive diagnostic device that offers clinicians an objective and immediate assessment of a wound’s healing potential prior to treatment or other medical intervention. With algorithm-driven results and a goal of changing the current standard of care in the future, DeepView® is expected to provide faster and accurate treatment insight towards value care by improving patient outcomes and reducing healthcare costs.
About the Role

Position Summary: 

Spectral AI, Inc. (Spectral) is seeking a Cybersecurity Engineering Intern to join our growing design and development team. The position is based in Dallas, Texas, with hybrid work flexibility in accordance with the Spectral Employee Handbook guidelines. Working under the guidance and mentorship of senior cybersecurity and software engineers, the intern will gain hands-on experience supporting the design, development, and maintenance of secure medical device software systems, helping ensure that cybersecurity controls are resilient and aligned with FDA regulations, international standards (e.g., ANSI/AAMI SW 96:2003, IEC 62304, IEC 81001, ISO 14971, ISO 27001), and organizational security policies. 

Essential Duties and Responsibilities:

Cybersecurity Risk Management

  • Assist with cybersecurity risk assessments for medical device systems using structured methodologies (Threat Modeling, STRIDE, DREAD, Attack Trees, SBOM analysis) under the supervision of senior engineers.
  • Help document risk evaluations aligned with AAMI TIR57, AAMI TIR97, FDA Premarket Cybersecurity Guidance, and ISO 14971.
  • Observe and participate in Coordinated Vulnerability Disclosure (CVD) processes, learning how vulnerabilities are responsibly reported, remediated, and communicated in alignment with industry best practices.
  • Help maintain and update cybersecurity documentation and supporting artifacts, including:
    • Security risk assessment
    • Security risk management reports
    • Threat models

Secure Software Development (IEC 81001 and IEC 62304)

  • Learn and apply secure coding practices alongside software engineers, and participate in structured code review processes.
  • Help verify implementation of security requirements, encryption standards, authentication and authorization controls, and security-relevant logging.
  • Assist in evaluating SOUP/OTS components for vulnerabilities, maintenance status, and compliance with FDA software bill of material (SBOM) requirements.
  • Support the creation and ongoing maintenance of SBOM (e.g. CycloneDX, SPDX) using automated tools such as HELM and Dependency-Check.

Vulnerability and Patch Management 

  • Assist with vulnerability scanning across firmware, software, cloud services, Linux-based, and Windows-based cart devices.
  • Help triage and validate Common Vulnerabilities and Exposures (CVEs) relevant to device components, run-time environments, and third-party libraries, with guidance.
  • Help prepare vulnerability mitigation notes and support development teams during remediation.
  • Help track findings, analyze root causes, and support remediation verification.

Incident Response and Monitoring

  • Assist in establishing cybersecurity monitoring processes for fielded devices and cloud environments.
  • Support investigation of security anomalies and incidents, assist with log analysis, and support corrective/preventive actions (CAPA).

Qualifications:

Required education and experience:

  • Currently enrolled in, or recently completed, a Bachelor’s or Master’s degree program in Computer Science, Cybersecurity, Electrical/Computer Engineering, or a related field.
  • Coursework, academic projects, or prior internship exposure related to cybersecurity, software development, or networking; familiarity with regulated or safety-critical systems is a plus but not required.
  • Strong written communication skills, with an interest in producing clear, well-structured technical documentation for software cybersecurity.

Knowledge, Skills and Abilities (familiarity with or interest in learning the following):

  • FDA Premarket Cybersecurity Guidance
  • IEC 62304 Software Lifecycle
  • AAMI TIR57 / TIR97
  • OWASP Top 10, CWE, and secure coding principles
  • Foundational understanding of, or interest in learning, common cybersecurity vulnerabilities and FDA reporting requirements
  • Familiarity with Windows and Linux operating systems; exposure to cloud platforms (AWS/Azure) and secure configuration is a plus.

Preferred Qualifications

  • Coursework or project exposure to regulated software or FDA medical device documentation.
  • Hands-on experience with Windows, Linux, or embedded operating systems through coursework or personal projects.
  • Exposure to cloud platforms, APIs, or networking concepts (e.g., AWS, secure APIs, VPN connections).
  • Progress toward or completion of an entry-level security certification (e.g., Security+, CySA+) is a plus.

Soft Skills

  • Excellent written and verbal communication skills in English.
  • Detail-oriented, strong analytical and problem-solving skills.
  • Willingness to learn how to prepare quality cybersecurity documentation suitable for regulatory review.
  • Ability to collaborate across functional teams such as engineering, QA/RA, hardware, and clinical teams.

Physical Requirements:

  • Prolonged periods of sitting at a desk and working on a computer.

Travel:

Minimal travel expected. This is primarily a hybrid internship based in Dallas, Texas.

Equal Employment Opportunity:

Spectral AI, Inc. is an equal opportunity and affirmative action employer. All applicants will be considered for employment without regard to race, color, ancestry, national origin, sex, gender, sexual orientation, marital status, religion, age, disability, gender identity, results of genetic testing, protected veteran status, or any other characteristic protected by applicable federal, state, or local laws. 

Key Skills
Cybersecurity Risk ManagementThreat ModelingSecure CodingVulnerability ScanningIncident ResponseSBOM AnalysisTechnical DocumentationFDA Regulatory ComplianceLinuxWindowsCloud PlatformsNetwork SecurityCVE TriageLog AnalysisRisk AssessmentSoftware Development
Categories
Security & SafetyTechnologyEngineeringSoftwareHealthcare