Senior Engineering Manager, RVBM

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs.

We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results.

As a remote first company, we require minimum 25Mbps consumer grade broadband connection.

What You'll Do

We’re looking for a Senior Engineering Manager to lead our Risk-Based Vulnerability Management (RBVM) organization — the set of teams that transform NodeZero’s offensive findings and external scanner data into a unified, attacker-validated view of risk.

This role requires a customer obsessed engineering manager and will have significant product ownership. You’ll own and scale the engineering teams behind NodeZero’s RBVM capabilities, including:

• Vulnerability Management Hub (VMH) – centralizing exploitable weaknesses, attack paths, and fix verification into a single operational view.

• Vulnerability Risk Intelligence (VRI) – ingesting data from scanners like Tenable/Qualys/Rapid7 and re-ranking based on exploitability, threat actor pressure, and business impact.

• High-Value Targeting (HVT), Advanced Data Pilfering (ADP), and Threat Actor Intelligence (TAI) – capabilities that reason about “crown jewel” systems, sensitive data, and active adversaries to drive true risk-based prioritization.

• Integrations & FixOps – pushing NodeZero outputs into systems like ServiceNow and Jira, and closing the Find–Fix–Verify loop for customers.

You’ll build and lead an organization that helps customers move from vulnerability lists to FixOps: fixing what matters most, and proving it.

What You’ll Bring

• Leadership & Product Ownership

• Proven experience leading multiple backend/platform teams or an engineering org in a SaaS, cybersecurity, or cloud-scale environment.

• Track record of taking products from concept to market — including POCs, MVPs, launches, and iterative improvements — in partnership with Product and GTM.

• Comfort operating in an environment with limited dedicated PM capacity, including helping define direction, shaping roadmaps, and setting technical priorities.

• Demonstrated ability to manage concurrent initiatives and balance short-term delivery with longer-term platform and product investments.

• RBVM / Security Domain Exposure

• Familiarity with vulnerability management concepts, including vulnerability scanners (e.g., Tenable, Qualys, Rapid7), CVEs/CVSS, and the difference between “vulnerable” and “exploitable.”

• Experience or strong interest in risk-based approaches that combine exploitability, threat actor behavior, and business impact.

• Comfort collaborating with offensive security, detection/defense, or security operations teams.

• Technical Depth

• Highly technical background with expertise in software development and B2B SaaS multi-product platforms.

• Deep understanding of scalable backend architecture, data modeling, databases, and distributed systems.

• Experience with data pipelines and ETL systems, including performance, reliability, and observability considerations.

• Strong grasp of cloud infrastructure concepts (AWS, GCP, or Azure), DevOps, and resilience engineering.

• Collaboration & Communication

• Excellent written and verbal communication skills; able to explain complex technical and risk concepts to both engineers and non-technical stakeholders.

• Experience working cross-functionally with designers, developers, product managers, customer teams, and GTM.

• Strong documentation habits and a bias toward clarity, transparency, and alignment.

• Mindset

• Creative, self-motivated, highly energetic, detail- and results-oriented.

• “Learn-it-all” attitude, with curiosity about both offensive and defensive security domains.

• Strong ability to identify procedural and architectural gaps, implement best practices, and empower teams to ship high-quality features at high velocity.

• Background

• Bachelor’s and/or Master’s degree in Computer Science, Engineering, or a related technical field, or equivalent practical experience.

• Experience building and hiring high performing engineering teams.

• Extensive experience in technical leadership and architectural decision-making for complex systems.

• Exposure to cybersecurity industry standards, trends, and common attacker techniques is a plus.

Required Tech Stack Experience

• Strong background in backend and/or platform engineering, with deep experience designing, scaling, and maintaining distributed systems.

• Expertise in at least one modern programming language (Python strongly preferred; Go, Java, C++, or similar also relevant).

• Familiarity with ETL pipelines, data flow orchestration, and database performance optimization (e.g., PostgreSQL, Neo4j, or equivalent).

• Experience working with analytics- or graph-heavy workloads, especially where relationships between assets, identities, and vulnerabilities matter.

• Solid understanding of cloud infrastructure and services (AWS, Azure, or GCP), including networking, compute, and storage fundamentals.

• Exposure to infrastructure-as-code and deployment concepts (e.g., Terraform, Docker, Kubernetes, CI/CD tooling).

• Experience with observability and monitoring stacks (e.g., Prometheus, Grafana, Datadog, OpenTelemetry).

• Understanding of security and reliability best practices in a multi-tenant SaaS or cybersecurity environment.

• Knowledge of Linux-based systems (e.g., Ubuntu, Kali) and modern development practices for distributed services.

Travel Required

We are a fully remote company, and this job may require up to 5% of travel to be successful.

Compensation and Values

At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.

In accordance with various State’s transparency regulations, we provide the following salary range information for this position:

• Base salary range: $210,000 - $260,000 annually. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.

• Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.

Perks of Horizon3.ai

• Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.

• Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.

• Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.

• Remote Work: We are a 100% remote company. Enjoy the flexibility to work in the way that supports you and brings out your best.

• Competitive Compensation: We offer competitive salary and benefits which includes health, vision & dental care for you and your family, a flexible vacation policy, and generous parental leave.

You Belong Here

Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, or any other legally protected status by law.

Our commitment to diversity and inclusion means we strive to attract, develop, and retain a workforce that reflects the varied communities we serve. We believe that diverse perspectives drive innovation and strengthen our ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth.

We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.

Application Note

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.