[Remote] WebApp Offensive Security Engineer
Note: The job is a remote job and is open to candidates in USA. Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. They are seeking a WebApp Offensive Security Engineer with deep, hands-on web application penetration testing experience to enhance their autonomous testing capabilities and work closely with software engineers to improve product coverage.
Responsibilities
- Perform hands-on, full-scope web application penetration tests against real customer applications, alongside benchmark and lab targets, to surface vulnerabilities and attack paths
- Review NodeZero results on live customer engagements to identify coverage gaps, blind spots, and missed opportunities — the edge cases and corner-case attack scenarios that autonomous testing doesn't yet handle
- Manually reproduce and validate those edge cases, building reliable, production-safe proof-of-concept exploits and clear test cases that demonstrate the gap end to end — including against live customer environments without disrupting them
- Partner closely with software engineers to translate your findings into product improvements — defining detection logic, attack content, expected behavior, and remediation so NodeZero handles those cases going forward
- Build and maintain a library of regression and benchmark test cases so newly added coverage doesn't silently regress over time
- Monitor production pentests for missed findings and false positives; create and triage Jira tickets to drive issues to resolution
- Work directly with customers and internal teams to investigate findings, explain attack paths, and address questions about web application coverage and results
- Author technical blog posts and research write-ups showcasing new exploits, edge cases, and attack methodologies
- Mentor teammates and contribute to continuous improvement of team processes, methodology, and testing standards
Skills
- Extensive hands-on experience conducting full-scope web application penetration tests
- Deep, practical knowledge of common and not-so-common web vulnerability classes — SQL injection, XSS (reflected, stored, and DOM-based), SSRF, SSTI/CSTI, IDOR/BOLA, authentication and authorization bypass, path traversal, LFI, and similar — including how to chain them to demonstrate impact
- A talent for finding and exploiting business-logic and edge-case flaws that automated scanners routinely miss
- Strong command of proxy tools like Burp Suite and browser developer tools
- Comfort scripting to reproduce findings and build proof-of-concept exploits (e.g., Python or similar) — you don't need to be a professional software engineer, but you should be able to write and read code well enough to demonstrate an exploit and collaborate effectively with engineers
- Ability to clearly communicate attack steps, impact, and remediation guidance to both engineers and non-technical stakeholders
- Curiosity about emerging AI technologies and comfort using AI-assisted tools in your testing and research workflow
- Strong written and verbal communication, including technical documentation
- Ability to manage multiple priorities, work independently, and mentor teammates of varying experience levels
- Quick to learn and adopt new technologies, frameworks, and target stacks as needed
- History of recognized security research, including documented CVE discoveries and responsible disclosure
- Track record of successful bug bounty contributions
- Familiarity with how autonomous, agentic, or AI-driven pentesting tools work — and a sharp instinct for where and why they fail
- Experience writing detection or attack content (e.g., Nuclei templates, sqlmap tamper scripts, custom Burp extensions)
- Enough software development background to collaborate fluently with engineers on remediation and product coverage
- Familiarity with relational and graph databases, particularly Postgres and Neo4j
- Experience with AI/LLM tools for building agentic workflows (e.g., LangChain, LangFlow) and integrating contextual data using protocols like Model Context Protocol (MCP)
Benefits
- Equity package in the form of stock options
- Health, vision & dental insurance for you and your family
- A flexible vacation policy
- Generous parental leave
- Hybrid & Remote Work: We embrace a mix of remote and hybrid work models depending on role and location, including our Chicago office, where some roles require regular in-office presence
Company Overview