Senior Attack Engineer - Vulnerability Research

Senior Attack Engineer - Vulnerability Research Get to Know Us Horizon3.ai http://Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs. We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results. What You’ll Do The Senior Attack Engineer - Vulnerability Research role is responsible for developing and maintaining core parts of NodeZero’s autonomous penetration testing platform while leveraging the latest InfoSec news to swiftly weaponize newly discovered public vulnerabilities. This platform coordinates execution of an ever-growing set of “attack modules” to efficiently and safely conduct a penetration test in the target environment. You will be involved in tasks ranging from vulnerability research, such as analyzing the web components of popular virtualization technologies, to patch-diffing firmware updates in VPN applications, to software development aimed at enhancing and extending the capabilities of our core product. This is a dynamic position that offers the opportunity to work on a wide range of tasks, from building proof-of-concept exploits to advancing our red teaming technologies. - Acquire and configure vulnerable test systems to replicate and validate attack scenarios. - Reverse engineer application binaries and patches to identify vulnerabilities. - Develop and validate proof-of-concept exploits for identified vulnerabilities and ensure their integration into the core product. - Design and implement foundational technology improvements to enable rapid development of exploitation modules. - Collaborate closely with engineering teams to enhance product capabilities and develop new features. - Maintain a comprehensive global view of emerging vulnerabilities, ensuring Horizon3 remains current with the latest threat landscape. What You’ll Bring - Problem-Solving: Strong analytical skills with an aptitude for solving complex technical problems. - Self-Motivation: The ability to work independently with minimal supervision, demonstrating initiative and a high level of energy. - Collaboration: Work closely with the NodeZero team, N-Day researchers, and adjacent teams to weaponize reverse-engineered exploits for product integration and rapidly develop new cross-functional features. - Communication: Strong technical writing and documentation skills, with the ability to convey findings and methodologies to both technical and non-technical stakeholders. - Technical Design: Proficiency in designing, presenting, and evaluating technical solutions, ensuring high-quality software and secure development practices. - Adaptability: Ability to independently learn and adapt to new technologies, tools, and methodologies. Required Experience/Education: - Proficiency in Python: Proficiency in large-scale Python software development. - Software Engineering: Strong understanding of secure software development practices, including experience with version control s ... (truncated, view full listing at source)