Level Up Your Cybersecurity Career with Horizon3.ai
Are you a seasoned vulnerability analyst or cyber threat intelligence expert passionate about staying ahead of the curve in the ever-evolving cybersecurity landscape? Do you thrive on uncovering hidden risks and empowering organizations to proactively defend themselves against emerging threats? If so, Horizon3.ai wants you!
About Us:
Horizon3.ai is a rapidly growing, fully remote cybersecurity company on a mission to revolutionize proactive security. Our flagship platform, NodeZero™, delivers production-safe autonomous pentests and comprehensive security assessments across internal, external, cloud, and hybrid cloud environments. We empower organizations of all sizes – from educational institutions to Fortune 100 enterprises – to find, fix, and verify exploitable attack vectors before malicious actors do. We're a team of former U.S. Special Operations cyber operators, startup veterans, and cybersecurity innovators dedicated to solving real-world security challenges. We value collaboration, ownership, and a relentless pursuit of results.
The Opportunity: Vulnerability Analyst / Cyber Threat Intelligence Analyst
Join our Rapid Response team as a Vulnerability Analyst or Cyber Threat Intelligence Analyst and become our eyes and ears in the cybersecurity community. You'll play a critical role in providing our customers with actionable intelligence derived from NodeZero pentest results. You will be responsible for informing customers and internal teams about the latest threats, threat actor tactics, and emerging vulnerabilities, helping us prioritize our research and development efforts. Reporting directly to the Director of Precision Defense, you'll have a direct impact on our customers' security posture.
Your Mission:
Analyze NodeZero pentest outcomes to identify customer exposure to vulnerabilities and threats, influencing our research priorities.
Research, document, and publish mitigation and remediation strategies for the most impactful vulnerabilities affecting our customers.
Continuously monitor public vulnerability databases and threat intelligence feeds to stay on top of emerging threats.
Track product coverage for emerging vulnerabilities and drive communication updates for internal and external stakeholders.
Author and publish public-facing content about vulnerabilities, making complex topics accessible and actionable.
Develop internal content about vulnerabilities and threat actors to support our Go-To-Market and Marketing teams.
Collaborate cross-functionally with attack engineers, product managers, product marketing, and customer success teams.
What You'll Bring to the Table:
8+ years of experience in vulnerability analysis/research or cyber threat intelligence.
Hands-on experience in vulnerability research, including triage, root-cause analysis, exploit reproduction/validation, or proof-of-concept development.
A deep understanding of active exploitation techniques, including how zero-days/n-days propagate, PoC weaponization trends, and their impact on defenders.
Proven ability to handle sensitive information with discretion and build trusted relationships.
Fluency in the vulnerability ecosystem: CVE/CWE, NVD/NIST, CISA KEV, EPSS, vendor advisories, and patch/mitigation lifecycles.
Familiarity with the penetration testing industry and vulnerability management ecosystems.
Exceptional communication and interpersonal skills, with the ability to influence at all levels.
Outstanding organizational skills with the ability to manage multiple priorities and stakeholders.
Must have a minimum 25Mbps consumer grade broadband connection as we are a remote first company.
Bonus Points:
Proficiency in Python scripting.
Experience performing data analysis and creating visualizations to illustrate broad trends.
Experience communicating vulnerability and threat information to technical audiences outside of cybersecurity.
An active digital presence with experience using social channels and community forums to responsibly amplify research.
Public speaking experience at conferences, webinars, podcasts, and customer briefings, with comfort fielding live Q&A.
Even More Awesome If You Have:
Conference publications or awards (e.g., Black Hat, DEF CON, BSides, FIRST).
Media training and experience briefing reporters or analysts.
Bug bounty/VDP experience, including triage or program participation from either side.
Travel: Limited travel (up to 5%) may be required.
Compensation & Perks:
At Horizon3.ai, we believe in rewarding our team members for their contributions.
Base salary range: $195,000 - $242,000 annually. (The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.)
Equity: All full-time roles are eligible for an equity package in the form of stock options.
In addition to competitive compensation, we offer a comprehensive benefits package, including:
Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.
Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.
Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.
Remote Work: We are a 100% remote company. Enjoy the flexibility to work in the way that supports you and brings out your best.
Health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.
Ready to Join the Horizon3.ai Team?
If you're a passionate cybersecurity professional looking for a challenging and rewarding opportunity to make a real impact, we encourage you to apply! Horizon3.ai is an equal opportunity employer committed to fostering a diverse and inclusive workplace. We welcome candidates from all backgrounds and experiences.
Please note: This job description is not intended to be a comprehensive list of all duties, responsibilities, and activities required of the employee. Duties, responsibilities, and activities may change at any time with or without notice. When submitting materials, feel free to redact age-identifying information such as age, date of birth, or dates of school attendance or graduation.