Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find, fix and verify exploitable attack vectors. The Attack Engineer will design and build production-grade systems for the NodeZero platform, focusing on researching and weaponizing vulnerabilities while leveraging AI technologies to automate attack workflows.
Responsibilities:
- Research and develop novel attack capabilities for integration into the NodeZero platform, focusing on autonomous red teaming, offensive security automation, and external perimeter breach techniques
- Acquire, configure, and exploit vulnerable test environments to validate and demonstrate attack scenarios
- Extend and maintain platform architecture and data models to support new research and product features
- Monitor public vulnerability databases and threat intelligence sources to stay current on emerging threats
- Collaborate cross-functionally with engineers, product managers, and customer teams to resolve issues, enhance features, and drive customer value
- Mentor teammates and improve team processes, code quality, and research standards
- Author technical blog posts and internal documentation showcasing new capabilities, research, and methodologies
Requirements:
- 7+ years of combined experience in software engineering and red teaming/offensive security
- Expert-level proficiency in Python for large-scale development
- Proficient in object-oriented design, test-driven development, and scalable code design
- Experience designing and integrating APIs, data structures, and full-stack system components
- Experience developing in fast-paced, product-driven environments with distributed teams
- Skilled with Git and modern team collaboration workflows (PRs, CI/CD, code reviews)
- Familiar with containerization and orchestration tools such as Docker and Kubernetes
- Comfortable working with relational (Postgres) and graph (Neo4j) databases
- Hands-on experience with developing tools for offensive cybersecurity and/or red team operations
- Deep understanding of common RCE techniques (e.g., SQL injection, buffer overflows, path traversal)
- Familiar with exploitation of network protocols, web applications, and complex enterprise software
- Ability to translate security research into functional, autonomous attacks within a product context
- Experience attacking Windows environments (e.g., Active Directory), cloud platforms (AWS, Azure, GCP), and/or Kubernetes
- Outstanding analytical and problem-solving aptitude, especially when dealing with unfamiliar systems
- Self-motivated and energetic with the ability to operate independently with minimal supervision
- Ability to manage multiple priorities and deliver on both short- and long-term objectives
- Strong written and verbal communication skills; capable of creating technical documentation and explaining complex topics to a broad audience
- Demonstrated curiosity and adaptability; quick to adopt new technologies and domains
- Bachelor's degree in Computer Science or a related field
- OSCP (Offensive Security Certified Professional) or equivalent certifications
- Demonstrated experience using AI or LLM-based tools to enhance or automate exploit development, vulnerability triage, or security research workflows
- Contributions to open-source security tools, technical blog posts, or public vulnerability research
- Prior development experience within large-scale or multi-tenant SaaS applications
- Familiarity with Nuclei, Metasploit, BloodHound, and similar offensive tooling