Horizon3 AI: Webapp Offensive Security Software Engineer

Headquarters: US, Remote
URL: http://horizon3.ai

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find and fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by ITOps/SecOps teams, consulting pentesters, and MSSPs and MSPs. 

We are a fusion of former U.S. Special Operations cyber operators, startup engineers, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools, false positives resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results.

Summary

We're looking for an Offensive Security Software Engineer with extensive web application penetration testing experience and a growing interest in AI-enhanced security techniques. You will have a significant impact on how we deliver value to our customers by designing, developing, and integrating web application penetration testing content into the NodeZero platform. This position requires practical expertise in full-scope web application testing, proven software development skills, and enthusiasm for leveraging emerging AI technologies to advance offensive security capabilities.

Essential Functions

• Design, develop, and integrate web application offensive security content into the NodeZero platform

• Design, develop, and integrate novel attack capabilities into the NodeZero platform, including offensive security tooling and AI-enhanced techniques.

• Research and implement AI-driven methods for vulnerability detection, exploitation, and workflow automation.

• Extend and maintain platform architecture, data models, and system design to support new product features.

• Monitor production for issues or missed opportunities and create or resolve Jira tickets as needed.

• Integrate open-source and in-house tools, ensuring quality through testing, code reviews, and production monitoring.

• Investigate, own, and resolve bugs in developed content.

• Collaborate cross-functionally to address customer and prospect concerns related to attack content.

• Author technical blog posts showcasing new research, exploits, or attack methodologies.

• Mentor junior engineers and contribute to continuous improvement of team processes and standards

Competencies/Requirements

• Experience conducting full scope web application pentests

• Experience with proxy tools like Burp and with browser developer tools

• Proficient in object-oriented programming and test-driven development, with strong analytical and problem-solving skills.

• Experience applying AI-assisted development tools to security research and automation tasks

• Curiosity about emerging AI technologies.

• Skilled in designing, evaluating, and communicating technical solutions across systems, APIs, algorithms,