← all jobs

[Remote] WebApp Offensive Security Engineer

Work from home Full-time role Hiring

Note: The job is a remote job and is open to candidates in USA. Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. They are seeking a WebApp Offensive Security Engineer with deep, hands-on web application penetration testing experience to enhance their autonomous testing capabilities and work closely with software engineers to improve product coverage.

Responsibilities

  • Perform hands-on, full-scope web application penetration tests against real customer applications, alongside benchmark and lab targets, to surface vulnerabilities and attack paths
  • Review NodeZero results on live customer engagements to identify coverage gaps, blind spots, and missed opportunities — the edge cases and corner-case attack scenarios that autonomous testing doesn't yet handle
  • Manually reproduce and validate those edge cases, building reliable, production-safe proof-of-concept exploits and clear test cases that demonstrate the gap end to end — including against live customer environments without disrupting them
  • Partner closely with software engineers to translate your findings into product improvements — defining detection logic, attack content, expected behavior, and remediation so NodeZero handles those cases going forward
  • Build and maintain a library of regression and benchmark test cases so newly added coverage doesn't silently regress over time
  • Monitor production pentests for missed findings and false positives; create and triage Jira tickets to drive issues to resolution
  • Work directly with customers and internal teams to investigate findings, explain attack paths, and address questions about web application coverage and results
  • Author technical blog posts and research write-ups showcasing new exploits, edge cases, and attack methodologies
  • Mentor teammates and contribute to continuous improvement of team processes, methodology, and testing standards

Skills

  • Extensive hands-on experience conducting full-scope web application penetration tests
  • Deep, practical knowledge of common and not-so-common web vulnerability classes — SQL injection, XSS (reflected, stored, and DOM-based), SSRF, SSTI/CSTI, IDOR/BOLA, authentication and authorization bypass, path traversal, LFI, and similar — including how to chain them to demonstrate impact
  • A talent for finding and exploiting business-logic and edge-case flaws that automated scanners routinely miss
  • Strong command of proxy tools like Burp Suite and browser developer tools
  • Comfort scripting to reproduce findings and build proof-of-concept exploits (e.g., Python or similar) — you don't need to be a professional software engineer, but you should be able to write and read code well enough to demonstrate an exploit and collaborate effectively with engineers
  • Ability to clearly communicate attack steps, impact, and remediation guidance to both engineers and non-technical stakeholders
  • Curiosity about emerging AI technologies and comfort using AI-assisted tools in your testing and research workflow
  • Strong written and verbal communication, including technical documentation
  • Ability to manage multiple priorities, work independently, and mentor teammates of varying experience levels
  • Quick to learn and adopt new technologies, frameworks, and target stacks as needed
  • History of recognized security research, including documented CVE discoveries and responsible disclosure
  • Track record of successful bug bounty contributions
  • Familiarity with how autonomous, agentic, or AI-driven pentesting tools work — and a sharp instinct for where and why they fail
  • Experience writing detection or attack content (e.g., Nuclei templates, sqlmap tamper scripts, custom Burp extensions)
  • Enough software development background to collaborate fluently with engineers on remediation and product coverage
  • Familiarity with relational and graph databases, particularly Postgres and Neo4j
  • Experience with AI/LLM tools for building agentic workflows (e.g., LangChain, LangFlow) and integrating contextual data using protocols like Model Context Protocol (MCP)

Benefits

  • Equity package in the form of stock options
  • Health, vision & dental insurance for you and your family
  • A flexible vacation policy
  • Generous parental leave
  • Hybrid & Remote Work: We embrace a mix of remote and hybrid work models depending on role and location, including our Chicago office, where some roles require regular in-office presence

Company Overview

  • Horizon3.ai offers an autonomous penetration testing platform that helps organizations proactively find and fix security vulnerabilities. It was founded in 2019, and is headquartered in San Francisco, California, USA, with a workforce of 201-500 employees. Its website is https://www.horizon3.ai.
  • More open positions

    [Remote] Agency Recruiter

    Work from home Full-time role

    [Remote] AI Engineer

    Work from home Full-time role

    [Remote] Sr Performance Marketing Manager

    Work from home Full-time role

    [Remote] Senior Technical Business Development Manager - Embedded & Connected Products

    Work from home Full-time role

    [Remote] Program Manager, AI Enablement

    Work from home Full-time role

    Automation Engineer

    Work from home Full-time role

    Multilingual Customer Support Representative – German, English & Russian – Remote Gaming Industry Role at careerzynith

    Work from home Full-time role

    Home Loan Internal Production - Home Loan Advisor - In-Market (Remote in Fresno, CA only)

    Work from home Full-time role

    Enterprise Account Executive (South Region)

    Work from home Full-time role

    Remote Cosmetic Ingredients Advisor

    Work from home Full-time role

    WordPress / Web Developer (Web Support & Maintenance) - QQ 0060-26

    Work from home Full-time role

    Remote Live Chat Customer Service Representative – Premium Financial Services Support at careerzynith

    Work from home Full-time role

    Business Intelligence Analyst - Strategic Partnerships

    Work from home Full-time role

    Program Manager

    Work from home Full-time role

    Experienced Full Stack Data Entry Specialist – Remote Work Opportunities at careerzynith

    Work from home Full-time role

    Sr Help Desk Agent; 3rd shift, US Remote

    Work from home Full-time role

    Payroll Assistant – Remote Contract

    Work from home Full-time role

    [Remote] EY-Parthenon - Strategy and Execution - Commercial Strategy - Senior Associate-Consultant

    Work from home Full-time role

    Account Manager - Commercial Insurance (Fully Remote Option)

    Work from home Full-time role

    Remote Customer Service Representative – Premium Consumer Tech Support for careerzynith (Fully Remote)

    Work from home Full-time role

    Data Entry Specialist – Remote E‑Commerce Product & Inventory Management for careerzynith – Flexible Hours, Career Growth

    Work from home Full-time role