Back to all jobs

Webapp Offensive Security Software Engineer

WeWorkRemotely
Apply NowSign in to track
AI-enhanced for better readability
Company logo

Horizon3 AI: Webapp Offensive Security Software Engineer

Source: weworkremotely

About Horizon3.ai

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find, fix, and verify exploitable attack vectors before criminals exploit them. Their flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by ITOps/SecOps teams, consulting pentesters, and MSSPs and MSPs.

They are a fusion of former U.S. Special Operations cyber operators, startup engineers, and formerly frustrated cybersecurity practitioners. They're committed to helping solve common security problems: ineffective security tools, false positives resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, they are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results.

About the Role

They are looking for an Offensive Security Software Engineer with extensive web application penetration testing experience and a growing interest in AI-enhanced security techniques. You will have a significant impact on how they deliver value to their customers by designing, developing, and integrating web application penetration testing content into the NodeZero platform. This position requires practical expertise in full-scope web application testing, proven software development skills, and enthusiasm for leveraging emerging AI technologies to advance offensive security capabilities.

Essential Functions

  • Design, develop, and integrate web application offensive security content into the NodeZero platform
  • Design, develop, and integrate novel attack capabilities into the NodeZero platform, including offensive security tooling and AI-enhanced techniques.
  • Research and implement AI-driven methods for vulnerability detection, exploitation, and workflow automation.
  • Extend and maintain platform architecture, data models, and system design to support new product features.
  • Monitor production for issues or missed opportunities and create or resolve Jira tickets as needed.
  • Integrate open-source and in-house tools, ensuring quality through testing, code reviews, and production monitoring.
  • Investigate, own, and resolve bugs in developed content.
  • Collaborate cross-functionally to address customer and prospect concerns related to attack content.
  • Author technical blog posts showcasing new research, exploits, or attack methodologies.
  • Mentor junior engineers and contribute to continuous improvement of team processes and standards

Competencies/Requirements

  • Experience conducting full scope web application pentests
  • Experience with proxy tools like Burp and with browser developer tools
  • Proficient in object-oriented programming and test-driven development, with strong analytical and problem-solving skills.
  • Experience applying AI-assisted development tools to security research and automation tasks
  • Curiosity about emerging AI technologies.
  • Skilled in designing, evaluating, and communicating technical solutions across systems, APIs, algorithms, and data structures.
  • Familiarity with relational and graph databases, particularly Postgres and Neo4j.
  • Strong written and verbal communication, including technical documentation.
  • Ability to manage multiple priorities, work independently, and mentor teammates of varying experience levels.
  • Quick to learn and adopt new technologies as needed.
  • History of recognized security research, including documented CVE discoveries and responsible disclosure
  • Track record of successful bug bounty contributions

Desired/Nice to Have

  • Experience developing software and automation to aid in web application pentesting
  • Background in large-scale software development projects.
  • Experience fine-tuning language models or implementing retrieval-augmented generation (RAG) for security-focused applications.
  • Experience with AI/LLM tools for building agentic workflows (e.g., LangChain, LangFlow) and integrating contextual data using protocols like Model Context Protocol (MCP).

Expectations

  • Outstanding problem-solving aptitude.
  • Be self-motivated and highly energetic to have the ability to operate effectively with limited supervision and guidance.
  • Work with our security researchers to understand the technical aspects of reverse engineered exploits and weaponizing these exploits into the product.
  • Strong technical documentation and communication skills.
  • Document findings, methodologies, and recommendations for both technical and non-technical stakeholders.
  • Proficient in designing, presenting, and evaluating technical solutions.

What Makes You Stand Out

  • Demonstrated examples of using AI to enhance or automate exploit development
  • OSCP (Offensive Security Certified Professional) Certification

Travel Required

They are a fully remote company, and this job may require up to 15% of travel to be successful. Job-related travel expenses are reviewed and must be approved by your manager.

Perks of Horizon3.ai

  • Inclusive Team: They value diversity and promote an inclusive culture where everyone can thrive.
  • Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.
  • Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.
  • Remote Work: They are a 100% remote company. Enjoy the convenience and work-life balance that comes with remote work.
  • Competitive Compensation: They offer competitive salary, equity and benefits. Their benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.

Compensation and Values

At Horizon3, they believe that their people are their greatest asset, and their compensation philosophy reflects this core value. They are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Their compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.

In accordance with various State’s transparency regulations, they provide the following salary range information for this position:

  • Base salary range: $185,000 - $240,000 annually. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.
  • Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.

You Belong Here

Horizon3 is not just an equal opportunity employer - they are a community that values diversity, equity, and inclusion as fundamental principles of their culture and success. They are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, or any other legally protected status by law.

Their commitment to diversity and inclusion means they strive to attract, develop, and retain a workforce that reflects the varied communities they serve. They believe that diverse perspectives drive innovation and strengthen their ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth.

They welcome candidates from all backgrounds and experiences, and they encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.

To Apply

https://weworkremotely.com/remote-jobs/horizon3-ai-webapp-offensive-security-software-engineer

Similar jobs