Staff Attack Engineer, AI/LLM

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find and fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by ITOps/SecOps teams, consulting pentesters, and MSSPs and MSPs. 

We are a fusion of former U.S. Special Operations cyber operators, startup engineers, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools, false positives resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results.

Summary

We are hiring a Staff Attack Engineer specializing in AI/LLM security to join our team. You will break AI and agentic systems and turn that research into automated attacks inside NodeZero, our autonomous pentesting platform.

This is not consulting or manual pentesting; the goal is to build repeatable, scalable attack patterns that run autonomously across customer environments. You’ll also help drive our LLM-powered offensive capabilities and act as a technical leader for AI/LLM offense.

Essential Functions

Attacking AI/LLM Systems

• Break AI and agentic systems and translate that research into automated, repeatable attack modules for NodeZero.

• Design and execute prompt injection and defense evasion attacks, focusing on generalized, reusable patterns.

• Conduct tool-use exploitation, abusing LLM agents’ access to code, file systems, APIs, and databases for attacker-realistic outcomes (e.g., context poisoning, RCE, data exfiltration, privilege escalation).

• Target AI infrastructure (model serving, training pipelines, vector databases, GPU/MLOps tooling) with an understanding of real-world enterprise deployments and misconfigurations.

• Research and apply model and supply chain attacks (poisoning, training data extraction, adversarial inputs, deployment pipeline abuse).

• Perform threat modeling for agentic systems, mapping trust boundaries and attack surfaces and turning them into concrete attack paths.

• Apply a strong productization mindset, turning manual techniques into safe, reliable, and scalable automated tooling.

Building with LLMs

• Build and extend LLM-powered applications (prompting, structured output, agentic workflows).

• Design with production concerns in mind: cost, safety and hallucination guardrails, reliability, and observability.

• Design and extend microservices that orchestrate LLM tasks and integrate with NodeZero and related offensive workflows.

Competencies / Requirements

• Expert-level Python and software engineering skills.

• Solid penetration testing fundamentals and understanding of common attack chains.

• Familiarity with AI/LLM security frameworks (e.g., OWASP Top 10 for LLMs, MITRE ATLAS).

• Experience in a security product or offensive security team, ideally with shipped offensive capabilities or tooling.

• Proven ability to break AI/LLM and agentic systems.

• Clear understanding of trust boundaries around AI tools, data sources, and permissions, and how to systematically test and exploit them.

• Expert-level ownership – drives high-complexity, high-risk programs and sets strategy, not just execution.

• Self-motivated – identifies problems and builds solutions proactively.

• Industry obsessed – tr