Security Researcher / Developer
US, Remote
Get to Know Us
Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs.
We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results.
As a remote first company, we require minimum 25Mbps consumer grade broadband connection.
What You’ll Do
The Security Researcher / Developer is responsible for leveraging the latest InfoSec news and swiftly weaponizing newly discovered public vulnerabilities for integration into our product. You will be involved in tasks ranging from vulnerability research, such as analyzing the web components of popular virtualization technologies, to patch-diffing firmware updates in VPN applications, to full-stack software development aimed at enhancing and extending the capabilities of our core product.
This is a dynamic position that offers the opportunity to work on a wide range of tasks, from building proof-of-concept exploits to advancing our red teaming technologies.
Acquire and configure vulnerable test systems to replicate and validate attack scenarios.
Develop and validate proof-of-concept exploits for identified vulnerabilities and ensure their integration into the core product.
Collaborate closely with engineering teams to enhance product capabilities and develop new features.
Maintain a comprehensive global view of emerging vulnerabilities, ensuring Horizon3 remains current with the latest threat landscape.
Design and implement innovative solutions that advance our autonomous red teaming technologies.
Utilize common Linux command-line tools (e.g., ssh, grep, scp) to support system configuration and exploit testing.
Monitor and analyze public vulnerability databases, forums, and other resources for N-day vulnerabilities.
What You’ll Bring
Software Engineering: Strong understanding of secure software development practices, including experience with version control systems like Git and effective team workflows.
Problem-Solving: Strong analytical skills with an aptitude for solving complex technical problems.
Self-Motivation: The ability to work independently with minimal supervision, demonstrating initiative and a high level of energy.
Collaboration: Work closely with the NodeZero team and N-Day researchers to weaponize reverse-engineered exploits for product integration.
Communication: Strong technical writing and documentation skills, with the ability to convey findings and methodologies to both technical and non-technical stakeholders.
Technical Design: Proficiency in designing, presenting, and evaluating technical solutions, ensuring high-quality software and secure development practices.
Adaptability: Ability to independently learn and adapt to new technologies, tools, and methodologies.
Required Education/Experience:
Proficiency in Python: Expert-level proficiency in large-scale Python software development.
Vulnerability Exploitation: In-depth knowledge of common Remote Code Execution (RCE) techniques such as SQL injection, path traversal, and buffer overflow exploits.
Network Protocols: Strong understanding of network protocols and their intricacies, including their role in exploitation vectors.
Database Experience: Experience with relational (Postgres) or graph (Neo4j) database systems.
Minimum of 4 years of experience in Vulnerability Research, Exploit Development, or other deeply technical roles with relevant skill sets.
Bachelor's Degree in Computer Science, Computer Engineering or related field.
Equivalent experience may be considered if demonstrable through proof-of-concept write-ups, published vulnerability research, or similar achievements.
Desired Skills
Experience with additional programming languages, including C, C++, or Assembly.
Familiarity with Nuclei for automated vulnerability scanning.
Previous experience working on large-scale software projects.
Knowledge of and experience with Docker and containerization technologies.
Certifications (optional but preferred)
OSCP (Offensive Security Certified Professional) or equivalent certifications.
Work Authorization & Security Clearance Requirements
Only US persons can interview for this role due to security clearance requirements by our customer(s) and/or vendor(s). Employee must be eligible for and successfully secure a US Federal Security Clearance as a condition of employment.
Travel Required
We are a fully remote company, and this job may require up to 5% of travel to be successful.
Compensation and Values
At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.
In accordance with various State’s transparency regulations, we provide the following salary range information for this position:
Base salary range: $181,000 - $223,000 annually. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.
Additional compensation: This role may also be eligible for an equity package (in the form of stock options). If any other compensation benefits apply, they will be discussed during the interview process.
Perks of Horizon3.ai
Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.
Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.
Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.
Remote Work: We are a 100% remote company. Enjoy the flexibility to work in the way that supports you and brings out your best.
Competitive Compensation: We offer competitive salary and benefits which includes health, vision & dental care for you and your family, a flexible vacation policy, and generous parental leave.
You Belong Here
Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, hair length or any other legally protected status by law.
Our commitment to diversity and inclusion means we strive to attract, develop, and retain a workforce that reflects the varied communities we serve. We believe that diverse perspectives drive innovation and strengthen our ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth.
We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.
Application Note
In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
ApplyJob Profile
Minimum 25mbps broadband required Travel required
Benefits/PerksCollaborative culture Dynamic tasks Equity Package Growth Opportunities Inclusive culture Professional growth Remote-first company Remote work
Tasks- Analyze web components
- Collaborate with engineering
- Develop proof-of-concept exploits
- Leverage infosec news
- Monitor vulnerability databases
- Patch-diff firmware
- Weaponize vulnerabilities
Adaptability Analytical Collaboration Communication Cybersecurity Docker Documentation Full-stack development Git Linux NEO4J Problem-solving Programming Python Secure Software Development Software Development SQL Technical Design Technical Writing Vulnerability Research
EducationBachelor's degree Bachelor's degree in Computer Science Related Field
TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9