[Remote] WebApp Offensive Security Engineer

Work from home Full-time role Hiring

Note: This is a remote job open to candidates in the USA. Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. They are seeking a WebApp Offensive Security Engineer with deep, hands-on web application penetration testing experience to enhance their autonomous testing capabilities and work closely with software engineers to improve product coverage.

Responsibilities

  • Perform hands-on, full-scope web application penetration tests against real customer applications, alongside benchmark and lab targets, to surface vulnerabilities and attack paths
  • Review NodeZero results on live customer engagements to identify coverage gaps, blind spots, and missed opportunities — the edge cases and corner-case attack scenarios that autonomous testing doesn't yet handle
  • Manually reproduce and validate those edge cases, building reliable, production-safe proof-of-concept exploits and clear test cases that demonstrate the gap end to end — including against live customer environments without disrupting them
  • Partner closely with software engineers to translate your findings into product improvements — defining detection logic, attack content, expected behavior, and remediation so NodeZero handles those cases going forward
  • Build and maintain a library of regression and benchmark test cases so newly added coverage doesn't silently regress over time
  • Monitor production pentests for missed findings and false positives; create and triage Jira tickets to drive issues to resolution
  • Work directly with customers and internal teams to investigate findings, explain attack paths, and address questions about web application coverage and results
  • Author technical blog posts and research write-ups showcasing new exploits, edge cases, and attack methodologies
  • Mentor teammates and contribute to continuous improvement of team processes, methodology, and testing standards

Skills

  • Extensive hands-on experience conducting full-scope web application penetration tests
  • Deep, practical knowledge of common and not-so-common web vulnerability classes — SQL injection, XSS (reflected, stored, and DOM-based), SSRF, SSTI/CSTI, IDOR/BOLA, authentication and authorization bypass, path traversal, LFI, and similar — including how to chain them to demonstrate impact
  • A talent for finding and exploiting business-logic and edge-case flaws that automated scanners routinely miss
  • Strong command of proxy tools like Burp Suite and browser developer tools
  • Comfort scripting to reproduce findings and build proof-of-concept exploits (e.g., Python or similar) — you don't need to be a professional software engineer, but you should be able to write and read code well enough to demonstrate an exploit and collaborate effectively with engineers
  • Ability to clearly communicate attack steps, impact, and remediation guidance to both engineers and non-technical stakeholders
  • Curiosity about emerging AI technologies and comfort using AI-assisted tools in your testing and research workflow
  • Strong written and verbal communication, including technical documentation
  • Ability to manage multiple priorities, work independently, and mentor teammates of varying experience levels
  • Quick to learn and adopt new technologies, frameworks, and target stacks as needed
  • History of recognized security research, including documented CVE discoveries and responsible disclosure
  • Track record of successful bug bounty contributions
  • Familiarity with how autonomous, agentic, or AI-driven pentesting tools work — and a sharp instinct for where and why they fail
  • Experience writing detection or attack content (e.g., Nuclei templates, sqlmap tamper scripts, custom Burp extensions)
  • Enough software development background to collaborate fluently with engineers on remediation and product coverage
  • Familiarity with relational and graph databases, particularly Postgres and Neo4j
  • Experience with AI/LLM tools for building agentic workflows (e.g., LangChain, LangFlow) and integrating contextual data using protocols like Model Context Protocol (MCP)

Benefits

  • Equity package in the form of stock options
  • Health, vision & dental insurance for you and your family
  • A flexible vacation policy
  • Generous parental leave
  • Hybrid & Remote Work: We embrace a mix of remote and hybrid work models depending on role and location, including our Chicago office, where some roles require regular in-office presence

Company Overview

  • Horizon3.ai offers an autonomous penetration testing platform that helps organizations proactively find and fix security vulnerabilities. It was founded in 2019, and is headquartered in San Francisco, California, USA, with a workforce of 201-500 employees. Its website is https://www.horizon3.ai.