Senior Software Engineer, Browser Automation

Horizon3ai · Remote
Full-time · Remote · 1d ago
Application Security, JavaScript, Neo4j, Node.js, Playwright, Puppeteer

About the role

We're building an autonomous, black-box web application penetration tester. It crawls and attacks real production websites the way a skilled human pentester would, finding broken access control, injection, XSS, and more, under a strict production-safe, no-false-positives mandate.

The hardest part of that job isn't the exploitation. The hardest part is reliably driving a real browser through messy, modern web apps at scale: logging in, navigating SPAs, surviving anti-bot defenses, and mapping every reachable surface without getting stuck or causing harm. That's the engine you'd own.

Essential Functions

- Help us grow and harden our browser automation and crawling engine, which is the layer that discovers, navigates, and interacts with target applications before and during an autonomous pentest.
- Advance our browser-driven crawler using Playwright and Stagehand.
- Tackle the gnarly realities of modern web apps: SPA routing and hydration timing, authenticated sessions, multi-step flows, file uploads, WebSocket/Socket.IO traffic, infinite scroll, and crawler traps.
- Extend our agentic login and authentication capabilities, including complex auth flows, MFA/TOTP, and credentialed access reliable enough to run unattended against customer environments.
- Improve crawl coverage, determinism, and throughput. This involves endpoint and parameter discovery, dedupe, queueing, and state management, while keeping everything production-safe and side-effect-aware.
- Help draw the line between deterministic automation and LLM-driven navigation, applying models surgically rather than as a default, and keeping the system fast, debuggable, and cheap to run.
- Collaborate with the attack-team engineers who consume your crawl output, and help shape the graph-backed application map the rest of the pipeline depends on.

Competencies/Requirements

- Experience building production software, with deep, hands-on experience in browser automation (Playwright, Puppeteer, or Selenium) against real, non-trivial web applications.
- Strong TypeScript / Node.js skills and comfort living inside the headless-browser stack, including Chromium internals, the Chrome DevTools Protocol, network interception, the DOM, and JS execution contexts.
- A track record of taming flaky, stateful, JavaScript-heavy apps. You've fought SPA timing, authentication, and anti-automation defenses and won.
- Solid instincts for distributed/concurrent systems: queues, backpressure, retries, idempotency, and running many browser sessions reliably at scale.
- A bias toward determinism and debuggability, and the judgment to reach for an LLM only when a deterministic approach genuinely can't do the job.
- Ownership mentality: you are comfortable taking a critical subsystem from "works" to "works unattended, at scale, against someone else's production environment."

Desired/Nice to Have

- Experience with agentic browser frameworks (Stagehand, Browser Use, or similar) or building LLM-in-the-loop automation.
- Background in web application security or offensive tooling - familiarity with broken access control, IDOR/BOLA, SQLi, XSS, SSRF, or SSTI in the wild.
- Familiarity with graph data models (e.g., Neo4j) for representing application structure.
- Experience with large-scale crawling, endpoint discovery (e.g., parsing/analyzing client-side JS), or session/credential management for automated access.
- Comfort working in an environment where correctness against a live customer system is a hard, non-negotiable constraint.

What makes you stand out:

- You've gone beyond using tools like Playwright or Puppeteer to actually hacking on their internals or contributing to the core.
- You've built browser automation at extreme scale, handling thousands of sessions against hostile, heavily-defended targets.
- You know ex

Benefits

Remote work options

Additional Information

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix, and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZero™ platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by ITOps/SecOps teams, consulting pentesters, and MSSPs and MSPs.

We are a fusion of former U.S. Special Operations cyber operators, startup engineers, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools, false positives resulting in alert fatigue, blind spots, "checkbox" security culture, the cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results.

