Continuous, autonomous pentesting, powered by NodeZero. Are your systems secure? Don't wait for a breach to find out!
Web Application Offensive Security Engineer
Location
United States
Posted
4 days ago
Salary
$196K - $242K / year
Seniority
Mid Level
Job Description
Web Application Offensive Security Engineer
Horizon3.ai
Role Description
We're looking for a Webapp Offensive Security Engineer with deep, hands-on web application penetration testing experience to push our autonomous testing beyond what it can do today. You'll be testing real customer web applications — not just labs and benchmarks — using NodeZero as your starting point and then going further as the human expert:
- Hunting the edge cases, novel attack chains, and business-logic flaws that automated testing doesn't yet handle.
- Proving them out safely against live targets.
- Working shoulder-to-shoulder with our software engineers to turn each discovery into durable product coverage that benefits every customer.
This is a pentesting-first role. You won't be expected to architect platform internals or ship production features yourself — you'll be the offensive expert who tests live customer applications, finds the gaps NodeZero doesn't yet cover, demonstrates them, defines what "good" looks like, and partners with engineering to close them.

Essential Functions
- Perform hands-on, full-scope web application penetration tests against real customer applications, alongside benchmark and lab targets, to surface vulnerabilities and attack paths.
- Review NodeZero results on live customer engagements to identify coverage gaps, blind spots, and missed opportunities.
- Manually reproduce and validate edge cases, building reliable, production-safe proof-of-concept exploits and clear test cases.
- Partner closely with software engineers to translate findings into product improvements.
- Build and maintain a library of regression and benchmark test cases.
- Monitor production pentests for missed findings and false positives; create and triage Jira tickets.
- Work directly with customers and internal teams to investigate findings and explain attack paths.
- Author technical blog posts and research write-ups showcasing new exploits, edge cases, and attack methodologies.
- Mentor teammates and contribute to continuous improvement of team processes, methodology, and testing standards.

Qualifications
- Extensive hands-on experience conducting full-scope web application penetration tests.
- Deep, practical knowledge of common and not-so-common web vulnerability classes.
- A talent for finding and exploiting business-logic and edge-case flaws that automated scanners miss.
- Strong command of proxy tools like Burp Suite and browser developer tools.
- Comfort scripting to reproduce findings and build proof-of-concept exploits.
- Ability to clearly communicate attack steps, impact, and remediation guidance.
- Curiosity about emerging AI technologies and comfort using AI-assisted tools.
- Strong written and verbal communication skills.
- Ability to manage multiple priorities, work independently, and mentor teammates.
- Quick to learn and adopt new technologies, frameworks, and target stacks.
- History of recognized security research, including documented CVE discoveries.
- Track record of successful bug bounty contributions.

Desired/Nice to Have
- Familiarity with how autonomous, agentic, or AI-driven pentesting tools work.
- Experience writing detection or attack content.
- Enough software development background to collaborate fluently with engineers.
- Familiarity with relational and graph databases, particularly Postgres and Neo4j.
- Experience with AI/LLM tools for building agentic workflows.

Expectations
- Outstanding problem-solving aptitude and a relentless curiosity for how things break.
- Self-motivated and highly energetic, with the ability to operate effectively with limited supervision.
- Work with engineers and security researchers to turn manual discoveries into reliable product capabilities.
- Strong technical documentation and communication skills.
- Document findings, methodologies, and recommendations for stakeholders.

What makes you stand out
- A portfolio of novel web application research, exploits, or edge-case findings.
- Demonstrated examples of using AI to enhance or accelerate testing.
- OSCP, OSWE, or comparable offensive security certifications.

Benefits
- Inclusive Team: We value diversity and promote an inclusive culture.
- Growth Opportunities: Be part of a dynamic and growing team.
- Innovative Culture: Work in a collaborative environment that encourages creativity.
- Hybrid & Remote Work: Embrace a mix of remote and hybrid work models.
- Competitive Compensation: We offer competitive salary, equity, and benefits.

Compensation and Values
At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. In accordance with various states' transparency regulations, we provide the following salary range information for this position:
- Base salary range: $196,000 - $242,000.
- Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.

You Belong Here
Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply.

Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.
More Application Engineer Jobs
Senior Application Security Engineer – Southeast Region
GuidePoint Security: Founded in 2011 and headquartered in Herndon, Virginia, GuidePoint Security furnishes commercial and federal organizations with customized information security
• Leading AppSec program assessments to evaluate current state, identify gaps, and help clients prioritize remediation efforts based on risk, resources, and organizational readiness
• Designing pragmatic security workflows, processes, tooling integrations, and developer-friendly practices that engineering teams will actually adopt
• Getting hands-on when needed: implementing SAST/SCA/DAST/API tooling, configuring CI/CD security gates, building threat models, and conducting architecture reviews
• Navigating organizational complexity by helping clients work through the messy middle: tool sprawl, low adoption rates, competing priorities, technical debt, and cross-functional alignment challenges
• Delivering polished client work, producing clear assessments, actionable roadmaps, implementation guides, and executive communications that drive decision-making
• Serving as a strategic advisor and hands-on partner, adapting your approach to each client’s culture, maturity, and goals
Application Change Management Engineer
Pantheon: Pantheon is a website operations platform for Drupal and WordPress that allows organizations to manage their websites from a single dashboard. Launched in 2010,
Role Description
The Application Change Management Systems Engineer will be responsible for ensuring system integrity and for coordinating, together with the other global IT support teams, all activities related to change management in complex corporate environments, with a primary focus on SAP systems. This position plays a strategic role in change governance, ensuring that all changes are planned, controlled, implemented, and monitored in accordance with established processes, guaranteeing the stability, availability, and compliance of production environments. The professional will work in a global environment, collaborating with technical, functional, and project teams distributed across different regions, supporting critical operations and large-scale change processes.

Qualifications
- Experience in application change management and governance of complex corporate environments.
- Experience in large SAP environments.
- Experience with the control, planning, and execution of transports and changes across multiple environments.
- Experience working in global teams and multicultural environments.
- Experience in operational support processes and change-related incident management.

Requirements
- Mandatory knowledge:
  - SAP Solution Manager (ChaRM and Focused Build)
  - SAP Transport Management System (STMS)
  - SAP (general knowledge)
  - ServiceNow (general knowledge)
  - Microsoft Office
  - SharePoint
- Desirable knowledge:
  - LiveCompare
  - SAP BASIS
  - ServiceNow development
  - Experience with script development
- Behavioral competencies:
  - Strong orientation toward operational and functional excellence.
  - Commitment to quality and productivity.
  - Knowledge of and adherence to agile methodologies.
  - Awareness of and sensitivity to information security and confidentiality.
  - Ability to adapt to changes in priorities and deadlines.
  - Excellent verbal and written communication skills.
  - Fluent English for communication in a global environment.
  - Strong analytical skills and the ability to interpret complex scenarios.
  - Ease in working as part of a team and coordinating activities among multiple stakeholders.
  - Sense of responsibility, commitment, and ownership.
  - Proactive, innovative, problem-solving profile.
  - Orientation toward customer service and service quality.
  - Ability to make decisions based on analysis and business impact.
  - Good organization and management of one's own activities.
  - Ability to work under pressure in critical, high-availability environments.

Benefits
- Provide support to the global change management process (Follow The Sun – FTS) for SAP environments.
- Coordinate activities related to change freezes, production migration windows, SAP updates, and system renewals.
- Use SAP Solution Manager, SAP Change Request Management (ChaRM), Focused Build, and SAP Transport Management System (STMS) to move and control changes across more than 30 three-tier environments, in addition to N+1 environments.
- Act as a member of a global team using AGILE methodology.
- Implement and maintain change management controls and practices to ensure the integrity, stability, and availability of SAP systems.
- Investigate and resolve incidents and problems related to change management across all SAP environments.
- Communicate daily with technical, functional, and process teams on a global scale.
- Identify continuous improvement opportunities to increase operational efficiency and the quality of the support provided.
- Act as the main point of contact between business teams, technical teams, and project teams for change planning and scheduling.
- Support change management initiatives related to projects and operational demands.
- Participate in after-hours support activities according to the global on-call rotation, including limited weekend support when necessary.
- Participate in Disaster Recovery processes.

Company Description
We are looking for professionals with solid experience in change management and SAP environment governance, capable of working in a global, highly collaborative context oriented toward operational stability. The professional must have strong coordination, communication, and analytical skills, ensuring that all changes occur in a controlled, secure manner aligned with business needs.
Application Engineer
EXL: We make sense of data to drive your business forward. #MakeSenseofData #DriveYourBusinessForward #PartnerYourWay
• Design, develop, and support enterprise-grade applications using .NET, .NET Core, and Python, ensuring scalability, maintainability, and performance.
• Define and implement robust application architecture patterns aligned with business, security, and operational requirements.
• Lead the design of modern data architectures, including relational databases, NoSQL/document stores, star schemas, data lakes, and streaming data pipelines.
• Translate business and technical requirements into end-to-end solution designs that integrate application, data, and infrastructure components effectively.
• Provide guidance on infrastructure topologies for both on-premises and cloud-based environments, including virtual machines, containers, Kubernetes/AKS, and Azure-native services.
• Drive adoption of strong SDLC and DevOps practices, including CI/CD, code quality controls, release automation, environment management, and agile delivery methodologies.
• Collaborate with cross-functional teams including business stakeholders, architects, developers, data engineers, and operations teams to deliver high-quality technology solutions.
• Ensure solutions are designed with appropriate focus on resilience, scalability, security, and operational efficiency.
• Troubleshoot complex technical issues across application, data, and infrastructure layers, and provide practical resolution approaches.
• Work effectively in high-pressure environments, managing multiple priorities while maintaining delivery quality and timeliness.
• Leverage industry knowledge to align technology solutions with insurance domain requirements, processes, and business objectives.
Application Security Engineer
Greenlight Planet: Powering access to brighter lives in Africa, Asia, and beyond
• Own application security responsibility for assigned business functions by performing threat modeling, architecture reviews, penetration testing, secure coding programs, and vulnerability management.
• Perform manual penetration testing and vulnerability assessments on web applications, APIs, and Android mobile applications.
• Perform security reviews for AI‑native products, models, pipelines, and inference services.
• Onboard applications into the SSDLC program and be the security point of contact for the application product.
• Own security incident response for product-layer issues, define remediation plans, and track fixes through to closure.
• Integrate and tune SAST/DAST/IAST/SCA tools in CI/CD, create custom rules where needed, and actively triage false positives.
• Review and harden cloud infrastructure — Kubernetes RBAC, pod security, network policies, Istio service mesh, Keycloak/OIDC configurations, and IAM across AWS, DigitalOcean, GCP, and Firebase.
• Communicate vulnerabilities and risk clearly to developers, product managers, and leadership — in language that drives actionable results.
• Conduct application security training for engineers, product managers, etc.