Apply on Employer Site

Horizon3.ai · 1 day ago

Senior Attack Engineer - Vulnerability Research

United States

Full-time

Remote

Senior Level

$195K/yr - $242K/yr

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. The Senior Attack Engineer - Vulnerability Research role involves developing and maintaining core parts of the NodeZero platform while conducting vulnerability research and enhancing product capabilities.

Artificial Intelligence (AI)Cyber SecurityEnterprise SoftwareMachine LearningNetwork Security

Responsibilities

Acquire and configure vulnerable test systems to replicate and validate attack scenarios

Reverse engineer application binaries and patches to identify vulnerabilities

Develop and validate proof-of-concept exploits for identified vulnerabilities and ensure their integration into the core product

Design and implement foundational technology improvements to enable rapid development of exploitation modules

Collaborate closely with engineering teams to enhance product capabilities and develop new features

Maintain a comprehensive global view of emerging vulnerabilities, ensuring Horizon3 remains current with the latest threat landscape

Qualification

PythonReverse EngineeringVulnerability ExploitationNetwork ProtocolsSoftware EngineeringDatabase ExperienceTechnical DesignAWSDockerKubernetesMetasploitNucleiC/C++RustAssemblyBug bountyCVEsProblem-SolvingSelf-MotivationCollaborationCommunicationAdaptability

Required

Proficiency in Python: Proficiency in large-scale Python software development

Software Engineering: Strong understanding of secure software development practices, including experience with version control systems like Git and effective team workflows

Reverse Engineering: Experience reversing Java applications, C#, .NET, and native application binaries and experience in reverse engineering technologies like IDA or Ghidra

Vulnerability Exploitation: In-depth knowledge of common Remote Code Execution (RCE) techniques such as SQL injection, path traversal, and buffer overflow exploits

Network Protocols: Strong understanding of network protocols and their intricacies, including their role in exploitation vectors

Database Experience: Experience with relational (Postgres) or graph (Neo4j) database systems

Equivalent experience may be considered if demonstrable through proof-of-concept write-ups, published vulnerability research, or similar achievements

Problem-Solving: Strong analytical skills with an aptitude for solving complex technical problems

Self-Motivation: The ability to work independently with minimal supervision, demonstrating initiative and a high level of energy

Collaboration: Work closely with the NodeZero team, N-Day researchers, and adjacent teams to weaponize reverse-engineered exploits for product integration and rapidly develop new cross-functional features

Communication: Strong technical writing and documentation skills, with the ability to convey findings and methodologies to both technical and non-technical stakeholders

Technical Design: Proficiency in designing, presenting, and evaluating technical solutions, ensuring high-quality software and secure development practices

Adaptability: Ability to independently learn and adapt to new technologies, tools, and methodologies