Senior Attack Engineer, AWS SME
Horizon3.ai
United States
USD 181k-242k / year + Equity
Posted on Apr 4, 2026
Get to Know Us
Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs.
We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results.
As a remote first company, we require minimum 25Mbps consumer grade broadband connection.
Summary
We’re seeking an AWS Subject Matter Expert to join our Cloud Attack team and lead our AWS offensive strategy and execution. This person will be the internal authority on attacking, validating, and explaining real-world AWS attack paths using NodeZero in customer environments.
You’ll help shape the most impactful AWS attack content, and partner closely with Attack Engineering and Product to ensure NodeZero stays aligned with modern cloud attacker tradecraft. This is a high-impact role for someone who is deeply fluent in AWS security and offensive cloud operations, and who enjoys turning cloud chaos into crisp attacker narratives and scalable product feedback.
Ideal candidates are hands-on AWS offensive practitioners who can operate independently, communicate clearly with customers, and thrive in a fast-moving offensive security startup.
Essential Functions
AWS Offensive Security Depth
We are a fully remote company, and this job may require up to 10% of travel to be successful.
Compensation And Values
At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.
In accordance with various State’s transparency regulations, we provide the following salary range information for this position:
Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, hair length or any other legally protected status by law.
Our commitment to diversity and inclusion means we strive to attract, develop, and retain a workforce that reflects the varied communities we serve. We believe that diverse perspectives drive innovation and strengthen our ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth.
We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.
Application Note
In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs.
We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results.
As a remote first company, we require minimum 25Mbps consumer grade broadband connection.
Summary
We’re seeking an AWS Subject Matter Expert to join our Cloud Attack team and lead our AWS offensive strategy and execution. This person will be the internal authority on attacking, validating, and explaining real-world AWS attack paths using NodeZero in customer environments.
You’ll help shape the most impactful AWS attack content, and partner closely with Attack Engineering and Product to ensure NodeZero stays aligned with modern cloud attacker tradecraft. This is a high-impact role for someone who is deeply fluent in AWS security and offensive cloud operations, and who enjoys turning cloud chaos into crisp attacker narratives and scalable product feedback.
Ideal candidates are hands-on AWS offensive practitioners who can operate independently, communicate clearly with customers, and thrive in a fast-moving offensive security startup.
Essential Functions
- Research, develop, and validate AWS offensive capabilities for NodeZero — spanning external AWS API attack surfaces, assumed-breach VPC scenarios, and single-account, multi-account, and hybrid deployments. Ensure all capabilities are production-safe, high-signal, and attacker-realistic.
- Research and weaponize AWS misconfigurations, vulnerabilities, and emerging attacker techniques, chaining them into meaningful attack scenarios (identity abuse, data access, control-plane compromise) and keeping NodeZero aligned with the fast-changing AWS threat landscape.
- Own AWS offensive methodology and playbooks: discovery → exploitation → privilege escalation / lateral movement → verification → customer narrative.
- Partner with Attack Engineering and Product to translate AWS field learnings into prioritized roadmap input and productized attack content.
- Serve as the AWS security subject matter expert for customer technical briefings, internal enablement, and select external content (blogs, demos, conference talks).
- Mentor Cloud Attack teammates and raise the bar for cloud offensive rigor, delivery quality, and customer-facing clarity.
AWS Offensive Security Depth
- 7+ years in offensive security with deep AWS specialization.
- Strong expertise in AWS security architecture and attacker tradecraft, including:
- IAM and identity attack paths (role chaining, federation abuse, privilege escalation)
- Resource and data access abuse (S3, RDS, DynamoDB, EBS snapshots, Secrets Manager, Parameter Store)
- Compute/container attack patterns (EC2, ECS, EKS, Lambda)
- Network/external perimeter and control-plane abuse (VPC misconfigs, SG/NACL issues, API exposure)
- Multi-account org/landing zone compromise scenarios
- Ability to chain AWS attack paths end-to-end and explain exploitability and impact clearly.
- Familiarity with tooling such as Pacu, ScoutSuite, Prowler, CloudSploit, awscli-based tradecraft, or custom cloud offensive tooling.
- Strong Python development skills required, along with the ability to read and modify offensive tooling in Go, C++, C#, or other systems languages.
- Strong understanding of cloud platform concepts, APIs, and automation pipelines.
- Comfortable with Git and PR workflows; experienced collaborating with engineering teams on productized capabilities.
- Working knowledge of CI/CD and infrastructure-as-code patterns, including hands-on familiarity with CloudFormation stacks, Terraform, and CDK, to reason about real customer deployments.
- Proven experience delivering AWS offensive work where customer outcomes matter (consulting, red team, cloud security product, or hybrid).
- Ability to translate AWS field realities into crisp product requirements and prioritized feedback.
- Excellent communication and storytelling skills for technical and non-technical audiences.
- AWS certifications (Security Specialty, Solutions Architect Professional, etc.) are a plus.
- Offensive/cloud certifications (OSCP/OSEP/CCSP/CCSK or equivalent).
- Public research/blogs/CVEs/open-source contributions related to AWS security.
- Experience applying AI/LLM tools to cloud recon, triage, or workflow automation.
- Familiarity with Azure/GCP is a bonus but not required.
- Highly self-directed with strong judgment in ambiguous cloud environments.
- Comfortable being both hands-on and strategic: can dive deep technically and lead the broader AWS attacker narrative.
- Operates with urgency while maintaining a high bar for safety, quality, and customer trust.
- Strong cross-functional partner who creates tight learning loops between AWS reality and NodeZero product evolution.
We are a fully remote company, and this job may require up to 10% of travel to be successful.
Compensation And Values
At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.
In accordance with various State’s transparency regulations, we provide the following salary range information for this position:
- Base salary range (based on level):
- P3, Tier 1–2: $181,000 – $223,000
- P4, Tier 1–2: $196,000 – $242,000
- This position may be filled at either the P3 or P4 level depending on experience, skills, and interview performance. Final compensation is further determined by Tier 1 vs. Tier 2 location alignment.
- Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.
- Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.
- Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.
- Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.
- Remote Work: We are a 100% remote company. Enjoy the flexibility to work in the way that supports you and brings out your best.
- Competitive Compensation: We offer competitive salary, equity and benefits. Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.
Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, hair length or any other legally protected status by law.
Our commitment to diversity and inclusion means we strive to attract, develop, and retain a workforce that reflects the varied communities we serve. We believe that diverse perspectives drive innovation and strengthen our ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth.
We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.
Application Note
In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.