Attack Engineer

Attack Engineer Get to Know Us Horizon3.ai http://Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs. We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results. As a remote first company, we require minimum 25Mbps consumer grade broadband connection. Summary - We’re seeking an experienced Attack Engineer who blends deep software engineering expertise with a passion for cybersecurity. In this role, you’ll design and build production-grade systems that drive the offensive capabilities of the NodeZero platform. You’ll be responsible for researching and weaponizing real-world vulnerabilities and misconfigurations, and leveraging AI technologies to automate and enhance attack workflows. - Ideal candidates are fluent in Python, comfortable shipping robust code to production, and excited by the challenge of applying their engineering skills to offensive tooling, and autonomous/agentic orchestration. This is a high-impact, cross-disciplinary role for someone who wants to shape the future of autonomous offensive security. ESSENTIAL FUNCTIONS - Research and develop novel attack capabilities for integration into the NodeZero platform, focusing on autonomous red teaming, offensive security automation, and external perimeter breach techniques. - Acquire, configure, and exploit vulnerable test environments to validate and demonstrate attack scenarios. - Extend and maintain platform architecture and data models to support new research and product features. - Monitor public vulnerability databases and threat intelligence sources to stay current on emerging threats. - Collaborate cross-functionally with engineers, product managers, and customer teams to resolve issues, enhance features, and drive customer value. - Mentor teammates and improve team processes, code quality, and research standards. - Author technical blog posts and internal documentation showcasing new capabilities, research, and methodologies. COMPETENCIES / REQUIREMENTS SOFTWARE ENGINEERING - 7+ years of combined experience in software engineering and red teaming/ offensive security. - Expert-level proficiency in Python for large-scale development. - Proficient in object-oriented design, test-driven development, and scalable code design. - Experience designing and integrating APIs, data structures, and full-stack system components. - Experience developing in fast-paced, product-driven environments with distributed teams. - Skilled with Git and modern team collaboration workflows (PRs, CI/CD, code reviews). - Familiar with containerization and orchestration tools such as Docker and Kubernetes. - Comfortable working with relational (Postgres) and graph (Neo4j) databases. OFFENSIVE SECURITY - Hands-on experience with developing tools for offensive cybersecurity and/or red team operations. - Deep understanding of common RCE techniques (e.g., SQL injection, buffer overflows, path traversal). - ... (truncated, view full listing at source)