​This is a full-time, Fully Remote role within the Engineering department at Horizon3.ai. You will sit within the Rapid Response organization, reporting to the Director of Precision Defense. The role is a high-impact position designed for a seasoned expert who can translate complex vulnerability data from the NodeZero autonomous pentesting platform into actionable intelligence for customers and internal teams.

• ​Location: Remote (US).
• ​Experience Required: 8+ years in vulnerability analysis/research or cyber threat intelligence.
• ​Travel: Up to 5% for conferences or team meetings.
• ​Connection Requirement: Minimum 25Mbps broadband.
• ​Mission: To help organizations proactively find and verify exploitable vectors before attackers do, moving beyond “checkbox” security culture.

​What You’ll Do: Intelligence, Research, and Communication

​As the “eyes and ears” of the cybersecurity community for Horizon3.ai, you will bridge the gap between automated exploitation and human-led defense.

• ​Vulnerability Triage: Monitor public databases (CVE/CWE, NVD, CISA KEV) to stay current on emerging threats.
• ​Exploitation Analysis: Analyze NodeZero pentest outcomes to understand real-world customer exposure and inform research prioritization.
• ​Technical Publication: Research, document, and publish mitigation techniques. This includes writing blogs, white papers, and external-facing content about the most impactful vulnerabilities.
• ​Cross-Functional Support: Create internal content for Go-To-Market and Marketing teams. Collaborate with attack engineers to track product coverage for new zero-day or n-day threats.
• ​Threat Actor Tracking: Monitor threat actor behavior and trends to ensure NodeZero’s autonomous logic remains aligned with modern attacker TTPs.

​What You’ll Bring: Expertise and Digital Presence

​Horizon3.ai is looking for a “learn-it-all” with deep fluency in the vulnerability ecosystem and the ability to influence technical and non-technical stakeholders.

• ​Core Research Skills: Hands-on exposure to root-cause analysis, exploit reproduction, and PoC (Proof of Concept) evaluation.
• ​Ecosystem Fluency: Expert knowledge of EPSS (Exploit Prediction Scoring System), CVSS, and vendor advisory lifecycles.
• ​Exploitation Awareness: Understanding of how n-days propagate and the trends in PoC weaponization.
• ​Communication Mastery: Proven ability to publish security communications and present findings at major conferences (e.g., Black Hat, DEF CON, BSides).

​Preferred & Nice-to-Have Skills

• ​Programming: Comfort writing Python for data analysis and automation.
• ​Data Visualization: Experience creating visualizations to illustrate broad vulnerability trends across environments.
• ​Community Presence: Active participation in social channels, community forums, or Bug Bounty/VDP programs.
• ​Media Savvy: Experience briefing reporters or analysts and handling live Q&A sessions.