[Remote] WebApp Offensive Security Engineer

Remote Full-time
Note: The job is a remote job and is open to candidates in the USA.

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. They are seeking a WebApp Offensive Security Engineer with deep, hands-on web application penetration testing experience to enhance their autonomous testing capabilities and work closely with software engineers to improve product coverage.

Responsibilities

- Perform hands-on, full-scope web application penetration tests against real customer applications, alongside benchmark and lab targets, to surface vulnerabilities and attack paths
- Review NodeZero results on live customer engagements to identify coverage gaps, blind spots, and missed opportunities — the edge cases and corner-case attack scenarios that autonomous testing doesn't yet handle
- Manually reproduce and validate those edge cases, building reliable, production-safe proof-of-concept exploits and clear test cases that demonstrate the gap end to end — including against live customer environments without disrupting them
- Partner closely with software engineers to translate your findings into product improvements — defining detection logic, attack content, expected behavior, and remediation so NodeZero handles those cases going forward
- Build and maintain a library of regression and benchmark test cases so newly added coverage doesn't silently regress over time
- Monitor production pentests for missed findings and false positives; create and triage Jira tickets to drive issues to resolution
- Work directly with customers and internal teams to investigate findings, explain attack paths, and address questions about web application coverage and results
- Author technical blog posts and research write-ups showcasing new exploits, edge cases, and attack methodologies
- Mentor teammates and contribute to continuous improvement of team processes, methodology, and testing standards

Skills

- Extensive hands-on experience conducting full-scope web application penetration tests
- Deep, practical knowledge of common and not-so-common web vulnerability classes — SQL injection, XSS (reflected, stored, and DOM-based), SSRF, SSTI/CSTI, IDOR/BOLA, authentication and authorization bypass, path traversal, LFI, and similar — including how to chain them to demonstrate impact
- A talent for finding and exploiting business-logic and edge-case flaws that automated scanners routinely miss
- Strong command of proxy tools like Burp Suite and browser developer tools
- Comfort scripting to reproduce findings and build proof-of-concept exploits (e.g., Python or similar) — you don't need to be a professional software engineer, but you should be able to write and read code well enough to demonstrate an exploit and collaborate effectively with engineers
- Ability to clearly communicate attack steps, impact, and remediation guidance to both engineers and non-technical stakeholders
- Curiosity about emerging AI technologies and comfort using AI-assisted tools in your testing and research workflow
- Strong written and verbal communication, including technical documentation
- Ability to manage multiple priorities, work independently, and mentor teammates of varying experience levels
- Quick to learn and adopt new technologies, frameworks, and target stacks as needed
- History of recognized security research, including documented CVE discoveries and responsible disclosure
- Track record of successful bug bounty contributions
- Familiarity with how autonomous, agentic, or AI-driven pentesting tools work — and a sharp instinct for where and why they fail
- Experience writing detection or attack content (e.g., Nuclei templates, sqlmap tamper scripts, custom Burp extensions)
- Enough software development background to collaborate fluently with engineers on remediation and product coverage
- Familiarity with relational and graph databases, particularly Postgres and Neo4j
- Experience with AI/LLM tools for building agentic workflows (e.g., LangChain, LangFlow) and integrating contextual data using protocols like Model Context Protocol (MCP)

Benefits

- Equity package in the form of stock options
- Health, vision & dental insurance for you and your family
- A flexible vacation policy
- Generous parental leave
- Hybrid & Remote Work: We embrace a mix of remote and hybrid work models depending on role and location, including our Chicago office, where some roles require regular in-office presence

Company Overview

Horizon3.ai offers an autonomous penetration testing platform that helps organizations proactively find and fix security vulnerabilities. It was founded in 2019, and is headquartered in San Francisco, California, USA, with a workforce of 201-500 employees. Its website is https://www.horizon3.ai.
