Horizon3.aiRemote
Webapp Offensive Security Software Engineer
United States of America
Full Time
1 hour ago
$185,000 - $240,000 USD
Visa Sponsor
Key skills
Web application penetration testingBurp SuiteBrowser developer toolsObject-oriented programmingTest-driven developmentAI-assisted development toolsPostgresNeo4jSecurity researchCVE discoveryBug bounty contributionsOSCP CertificationAILLMRAGLangChainAgenticJiraCommunicationPenetration Testing
About this role
Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. They are seeking an Offensive Security Software Engineer to design, develop, and integrate web application penetration testing content into their NodeZero platform, leveraging AI technologies to enhance security capabilities.
Responsibilities:
- Design, develop, and integrate web application offensive security content into the NodeZero platform
- Design, develop, and integrate novel attack capabilities into the NodeZero platform, including offensive security tooling and AI-enhanced techniques
- Research and implement AI-driven methods for vulnerability detection, exploitation, and workflow automation
- Extend and maintain platform architecture, data models, and system design to support new product features
- Monitor production for issues or missed opportunities and create or resolve Jira tickets as needed
- Integrate open-source and in-house tools, ensuring quality through testing, code reviews, and production monitoring
- Investigate, own, and resolve bugs in developed content
- Collaborate cross-functionally to address customer and prospect concerns related to attack content
- Author technical blog posts showcasing new research, exploits, or attack methodologies
- Mentor junior engineers and contribute to continuous improvement of team processes and standards
Requirements:
- Experience conducting full scope web application pentests
- Experience with proxy tools like Burp and with browser developer tools
- Proficient in object-oriented programming and test-driven development, with strong analytical and problem-solving skills
- Experience applying AI-assisted development tools to security research and automation tasks
- Curiosity about emerging AI technologies
- Skilled in designing, evaluating, and communicating technical solutions across systems, APIs, algorithms, and data structures
- Familiarity with relational and graph databases, particularly Postgres and Neo4j
- Strong written and verbal communication, including technical documentation
- Ability to manage multiple priorities, work independently, and mentor teammates of varying experience levels
- Quick to learn and adopt new technologies as needed
- History of recognized security research, including documented CVE discoveries and responsible disclosure
- Track record of successful bug bounty contributions
- Experience developing software and automation to aid in web application pentesting
- Background in large-scale software development projects
- Experience fine-tuning language models or implementing retrieval-augmented generation (RAG) for security-focused applications
- Experience with AI/LLM tools for building agentic workflows (e.g., LangChain, LangFlow) and integrating contextual data using protocols like Model Context Protocol (MCP)
- Demonstrated examples of using AI to enhance or automate exploit development
- OSCP (Offensive Security Certified Professional) Certification