Apply on Employer Site

Horizon3.ai · 16 hours ago

Webapp Offensive Security Software Engineer

United States

Full-time

Remote

Mid, Senior Level

$185K/yr - $240K/yr

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. They are seeking an Offensive Security Software Engineer to design, develop, and integrate web application penetration testing content into their NodeZero platform, leveraging AI technologies to enhance security capabilities.

Artificial Intelligence (AI)Cyber SecurityEnterprise SoftwareMachine LearningNetwork Security

Responsibilities

Design, develop, and integrate web application offensive security content into the NodeZero platform

Design, develop, and integrate novel attack capabilities into the NodeZero platform, including offensive security tooling and AI-enhanced techniques

Research and implement AI-driven methods for vulnerability detection, exploitation, and workflow automation

Extend and maintain platform architecture, data models, and system design to support new product features

Monitor production for issues or missed opportunities and create or resolve Jira tickets as needed

Integrate open-source and in-house tools, ensuring quality through testing, code reviews, and production monitoring

Investigate, own, and resolve bugs in developed content

Collaborate cross-functionally to address customer and prospect concerns related to attack content

Author technical blog posts showcasing new research, exploits, or attack methodologies

Mentor junior engineers and contribute to continuous improvement of team processes and standards

Qualification

Web application pentestingAI-assisted development toolsObject-oriented programmingBurp SuiteRelational databasesGraph databasesCuriosity about AIBug bounty contributionsOSCP CertificationTechnical documentationProblem-solving skillsMentoringCommunication skills

Required

Experience conducting full scope web application pentests

Experience with proxy tools like Burp and with browser developer tools

Proficient in object-oriented programming and test-driven development, with strong analytical and problem-solving skills

Experience applying AI-assisted development tools to security research and automation tasks

Curiosity about emerging AI technologies

Skilled in designing, evaluating, and communicating technical solutions across systems, APIs, algorithms, and data structures

Familiarity with relational and graph databases, particularly Postgres and Neo4j

Strong written and verbal communication, including technical documentation

Ability to manage multiple priorities, work independently, and mentor teammates of varying experience levels

Quick to learn and adopt new technologies as needed

History of recognized security research, including documented CVE discoveries and responsible disclosure

Track record of successful bug bounty contributions

Preferred

Experience developing software and automation to aid in web application pentesting

Background in large-scale software development projects

Experience fine-tuning language models or implementing retrieval-augmented generation (RAG) for security-focused applications

Experience with AI/LLM tools for building agentic workflows (e.g., LangChain, LangFlow) and integrating contextual data using protocols like Model Context Protocol (MCP)

Demonstrated examples of using AI to enhance or automate exploit development

OSCP (Offensive Security Certified Professional) Certification