horizon3ai - WebApp Offensive Security Engineer
Requirements
• Extensive hands-on experience conducting full-scope web application penetration tests.
• Deep, practical knowledge of common and not-so-common web vulnerability classes — SQL injection, XSS (reflected, stored, and DOM-based), SSRF, SSTI/CSTI, IDOR/BOLA, authentication and authorization bypass, path traversal, LFI, and similar — including how to chain them to demonstrate impact.
• A talent for finding and exploiting business-logic and edge-case flaws that automated scanners routinely miss.
• Strong command of proxy tools like Burp Suite and browser developer tools.
• Comfort scripting to reproduce findings and build proof-of-concept exploits (e.g., Python or similar) — you don't need to be a professional software engineer, but you should be able to write and read code well enough to demonstrate an exploit and collaborate effectively with engineers.
• Ability to clearly communicate attack steps, impact, and remediation guidance to both engineers and non-technical stakeholders.
• Curiosity about emerging AI technologies and comfort using AI-assisted tools in your testing and research workflow.
• Strong written and verbal communication, including technical documentation.
• Ability to manage multiple priorities, work independently, and mentor teammates of varying experience levels.
• Quick to learn and adopt new technologies, frameworks, and target stacks as needed.
• History of recognized security research, including documented CVE discoveries and responsible disclosure.
• Track record of successful bug bounty contributions.
• Familiarity with how autonomous, agentic, or AI-driven pentesting tools work — and a sharp instinct for where and why they fail.
• Experience writing detection or attack content (e.g., Nuclei templates, sqlmap tamper scripts, custom Burp extensions).
• Enough software development background to collaborate fluently with engineers on remediation and product coverage.
• Familiarity with relational and graph databases, particularly Postgres and Neo4j.
• Experience with AI/LLM tools for building agentic workflows (e.g., LangChain, LangFlow) and integrating contextual data using protocols like Model Context Protocol (MCP).
• Outstanding problem-solving aptitude and a relentless curiosity for how things break.
• Self-motivated and highly energetic, with the ability to operate effectively with limited supervision and guidance.
• Work with our engineers and security researchers to turn manual discoveries into reliable, production-safe product capabilities.
• Strong technical documentation and communication skills.
• Document findings, methodologies, and recommendations for both technical and non-technical stakeholders.
What makes you stand out:
• A portfolio of novel web application research, exploits, or edge-case findings you can walk us through.
• Demonstrated examples of using AI to enhance or accelerate your testing and exploit development.
• OSCP, OSWE, or comparable offensive security certifications.
Benefits
• Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.
• Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.
• Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.
• Hybrid & Remote Work: We embrace a mix of remote and hybrid work models depending on role and location, including our Chicago office, where some roles require regular in-office presence.
• Competitive Compensation: We offer competitive salary, equity and benefits. Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.
At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.
In accordance with various states' transparency regulations, we provide the following salary range information for this position:
• Base salary range: $196,000 - $242,000. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.
• Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.
You Belong Here