ForgeApply
Try it free

ForgeApply · Job listing

WebApp Offensive Security Software Engineer

Horizon3ai

Remote · US, Remote, US$196k – $242kAI

Apply in about a minute — without sacrificing quality.

ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.

About this role

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find and fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by ITOps/SecOps teams, consulting pentesters, and MSSPs and MSPs. 

We are a fusion of former U.S. Special Operations cyber operators, startup engineers, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools, false positives resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results.

Summary

We're looking for a Senior/ Staff Offensive Security Software Engineer with extensive web application penetration testing experience and a growing interest in AI-enhanced security techniques. You will have a significant impact on how we deliver value to our customers by designing, developing, and integrating web application penetration testing content into the NodeZero platform. This position requires practical expertise in full-scope web application testing, proven software development skills, and enthusiasm for leveraging emerging AI technologies to advance offensive security capabilities.

Essential Functions

- Perform hands-on, full-scope web application penetration tests against real customer applications, alongside benchmark and lab targets, to surface vulnerabilities and attack paths.

- Review NodeZero results on live customer engagements to identify coverage gaps, blind spots, and missed opportunities — the edge cases and corner-case attack scenarios that autonomous testing doesn't yet handle.

- Manually reproduce and validate those edge cases, building reliable, production-safe proof-of-concept exploits and clear test cases that demonstrate the gap end to end — including against live customer environments without disrupting them.

- Partner closely with software engineers to translate your findings into product improvements — defining detection logic, attack content, expected behavior, and remediation so NodeZero handles those cases going forward.

- Build and maintain a library of regression and benchmark test cases so newly added coverage doesn't silently regress over time.

- Monitor production pentests for missed findings and false positives; create and triage Jira tickets to drive issues to resolution.

- Work directly with customers and internal teams to investigate findings, explain attack paths, and address questions about web application coverage and results.

- Author technical blog posts and research write-ups showcasing new exploits, edge cases, and attack methodologies.

- Mentor teammates and contribute to continuous improvement of team processes, methodology, and testing standards.

Competencies/Requirements

- Experience conducting full scope web application pentests

- Experience with proxy tools like Burp and with browser developer tools

- Proficient in object-oriented programming and test-driven development, with strong analytical and problem-solving skills.

- Experience applying AI-assisted development tools to security research and automation tasks

- Curiosity about emerging AI technologies.

- Skilled in designing, evaluating, and communicating technical solutions across systems, APIs, algorithms, and data structures.

- Familiarity with relational and graph databases, particularly Postgres and Neo4j.

- Strong written and verbal communication, including technical documentation.

- Ability to manage multiple priorities, work independently, and mentor teammates of varying experience levels.

- Quick to learn and adopt new technologies as needed.

- History of recognized security research, including documented CVE discoveries and responsible disclosure

- Track record of successful bug bounty contributions

Desired/Nice to Have

- Experience developing software and automation to aid in web application pentesting

- Background in large-scale software development projects.

- Experience fine-tuning language models or implementing retrieval-augmented generation (RAG) for security-focused applications.

- Experience with AI/LLM tools for building agentic workflows (e.g., LangChain, LangFlow) and integrating contextual data using protocols like Model Context Protocol (MCP).

Expectations:

- Outstanding problem-solving aptitude.

- Be self-motivated and highly energetic to have the ability to operate effectively with limited supervision and guidance.

- Work with our security researchers to understand the technical aspects of reverse engineered exploits and weaponizing these exploits into the product.

- Strong technical documentation and communication skills.

- Document findings, methodologies, and recommendations for both technical and non-technical stakeholders.

- Proficient in designing, presenting, and evaluating technical solutions.

What makes you stand out:

- Demonstrated examples of using AI to enhance or automate exploit development

- OSCP (Offensive Security Certified Professional) Certification.

Perks of Horizon3.ai

- Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.

- Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.

- Innovative Culture: Work in a collaborative environment that encourages creativity and

Ready to apply to Horizon3ai?

Apply in about a minute

Similar jobs

More like this: Software Engineer Jobs · Remote Software Engineer Jobs · Browse all jobs