Horizon3.aiRemote
Senior Attack Engineer - Vulnerability Research
United States
Full-time
2 weeks ago
$195,000 - $242,000 USD
H1B Sponsor
Key skills
PythonReverse EngineeringVulnerability ExploitationNetwork ProtocolsSoftware EngineeringDatabase ExperienceTechnical DesignAWSDockerKubernetesMetasploitNucleiC/C++RustAssemblybug bountyCVEsProblem-SolvingSelf-MotivationCollaborationCommunicationAdaptabilityJavaC#C++CSQL.NETAIPostgresNeo4jGitVersion Control
About this role
Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. The Senior Attack Engineer - Vulnerability Research role involves developing and maintaining core parts of the NodeZero platform while conducting vulnerability research and enhancing product capabilities.
Responsibilities:
- Acquire and configure vulnerable test systems to replicate and validate attack scenarios
- Reverse engineer application binaries and patches to identify vulnerabilities
- Develop and validate proof-of-concept exploits for identified vulnerabilities and ensure their integration into the core product
- Design and implement foundational technology improvements to enable rapid development of exploitation modules
- Collaborate closely with engineering teams to enhance product capabilities and develop new features
- Maintain a comprehensive global view of emerging vulnerabilities, ensuring Horizon3 remains current with the latest threat landscape
Requirements:
- Proficiency in Python: Proficiency in large-scale Python software development
- Software Engineering: Strong understanding of secure software development practices, including experience with version control systems like Git and effective team workflows
- Reverse Engineering: Experience reversing Java applications, C#, .NET, and native application binaries and experience in reverse engineering technologies like IDA or Ghidra
- Vulnerability Exploitation: In-depth knowledge of common Remote Code Execution (RCE) techniques such as SQL injection, path traversal, and buffer overflow exploits
- Network Protocols: Strong understanding of network protocols and their intricacies, including their role in exploitation vectors
- Database Experience: Experience with relational (Postgres) or graph (Neo4j) database systems
- Equivalent experience may be considered if demonstrable through proof-of-concept write-ups, published vulnerability research, or similar achievements
- Problem-Solving: Strong analytical skills with an aptitude for solving complex technical problems
- Self-Motivation: The ability to work independently with minimal supervision, demonstrating initiative and a high level of energy
- Collaboration: Work closely with the NodeZero team, N-Day researchers, and adjacent teams to weaponize reverse-engineered exploits for product integration and rapidly develop new cross-functional features
- Communication: Strong technical writing and documentation skills, with the ability to convey findings and methodologies to both technical and non-technical stakeholders
- Technical Design: Proficiency in designing, presenting, and evaluating technical solutions, ensuring high-quality software and secure development practices
- Adaptability: Ability to independently learn and adapt to new technologies, tools, and methodologies
- Bachelor's Degree in Computer Science, Computer Engineering or related field
- Experience with vulnerability disclosure processes
- Published CVEs or experience with bug bounty and web app pentesting
- Experience with additional programming languages, including C, C++, Rust, or Assembly
- Familiarity with Nuclei and Metasploit for automated vulnerability scanning and exploitation
- Experience working in AWS and other cloud environments
- Previous experience working on large-scale software projects
- Knowledge of and experience with Docker, Kubernetes and related containerization technologies
- OSCP (Offensive Security Certified Professional) or equivalent certifications