Summary

We're seeking an AWS Subject Matter Expert to join our Cloud Attack team and lead our AWS offensive strategy and execution. This person will be the internal authority on attacking, validating, and explaining real-world AWS attack paths using NodeZero in customer environments.

You'll help shape the most impactful AWS attack content, and partner closely with Attack Engineering and Product to ensure NodeZero stays aligned with modern cloud attacker tradecraft. This is a high-impact role for someone who is deeply fluent in AWS security and offensive cloud operations, and who enjoys turning cloud chaos into crisp attacker narratives and scalable product feedback.

Ideal candidates are hands-on AWS offensive practitioners who can operate independently, communicate clearly with customers, and thrive in a fast-moving offensive security startup.

Essential Functions

• Research, develop, and validate AWS offensive capabilities for NodeZero - spanning external AWS API attack surfaces, assumed-breach VPC scenarios, and single-account, multi-account, and hybrid deployments. Ensure all capabilities are production-safe, high-signal, and attacker-realistic.
• Research and weaponize AWS misconfigurations, vulnerabilities, and emerging attacker techniques, chaining them into meaningful attack scenarios (identity abuse, data access, control-plane compromise) and keeping NodeZero aligned with the fast-changing AWS threat landscape.
• Own AWS offensive methodology and playbooks: discovery 1 exploitation 1 privilege escalation / lateral movement 1 verification 1 customer narrative.
• Partner with Attack Engineering and Product to translate AWS field learnings into prioritized roadmap input and productized attack content.
• Serve as the AWS security subject matter expert for customer technical briefings, internal enablement, and select external content (blogs, demos, conference talks).
• Mentor Cloud Attack teammates and raise the bar for cloud offensive rigor, delivery quality, and customer-facing clarity.

Competencies / Requirements
AWS Offensive Security Depth

• 7+ years in offensive security with deep AWS specialization.
• Strong expertise in AWS security architecture and attacker tradecraft, including:
  
  • IAM and identity attack paths (role chaining, federation abuse, privilege escalation)
  • Resource and data access abuse (S3, RDS, DynamoDB, EBS snapshots, Secrets Manager, Parameter Store)
  • Compute/container attack patterns (EC2, ECS, EKS, Lambda)
  • Network/external perimeter and control-plane abuse (VPC misconfigs, SG/NACL issues, API exposure)
  • Multi-account org/landing zone compromise scenarios
• Ability to chain AWS attack paths end-to-end and explain exploitability and impact clearly.
• Familiarity with tooling such as Pacu, ScoutSuite, Prowler, CloudSploit, awscli-based tradecraft, or custom cloud offensive tooling.

Technical / Engineering Fluency

• Strong Python development skills required, along with the ability to read and modify offensive tooling in Go, C++, C#, or other systems languages.
• Strong understanding of cloud platform concepts, APIs, and automation pipelines.
• Comfortable with Git and PR workflows; experienced collaborating with engineering teams on productized capabilities.
• Working knowledge of CI/CD and infrastructure-as-code patterns, including hands-on familiarity with CloudFormation stacks, Terraform, and CDK, to reason about real customer deployments.

Product + Customer Orientation

• Proven experience delivering AWS offensive work where customer outcomes matter (consulting, red team, cloud security product, or hybrid).
• Ability to translate AWS field realities into crisp product requirements and prioritized feedback.
• Excellent communication and storytelling skills for technical and non-technical audiences.

Desired Skills

• AWS certifications (Security Specialty, Solutions Architect Professional, etc.) are a plus.
• Offensive/cloud certifications (OSCP/OSEP/CCSP/CCSK or equivalent).
• Public research/blogs/CVEs/open-source contributions related to AWS security.
• Experience applying AI/LLM tools to cloud recon, triage, or workflow automation.
• Familiarity with Azure/GCP is a bonus but not required.

Expectations

• Highly self-directed with strong judgment in ambiguous cloud environments.
• Comfortable being both hands-on and strategic: can dive deep technically and lead the broader AWS attacker narrative.
• Operates with urgency while maintaining a high bar for safety, quality, and customer trust.
• Strong cross-functional partner who creates tight learning loops between AWS reality and NodeZero product evolution.

Travel Required

We are a fully remote company, and this job may require up to 10% of travel to be successful.

Compensation and Values

At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.

In accordance with various State's transparency regulations, we provide the following salary range information for this position:

• Base salary range (based on level):
  
  • P3, Tier 1-2: $181,000 - $223,000
  • P4, Tier 1-2: $196,000 - $242,000
  • This position may be filled at either the P3 or P4 level depending on experience, skills, and interview performance. Final compensation is further determined by Tier 1 vs. Tier 2 location alignment.
• Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.

Perks of Horizon3.ai

• Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.
• Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.
• Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.
• Remote Work: We are a 100% remote company. Enjoy the flexibility to work in the way that supports you and brings out your best.
• Competitive Compensation: We offer competitive salary, equity and benefits. Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.

Application Note

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.