Senior Attack Engineer, AWS SME

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs.

We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results.

As a remote first company, we require minimum 25Mbps consumer grade broadband connection.

We’re seeking an AWS Subject Matter Expert to join our Cloud Attack team and lead our AWS offensive strategy and execution. This person will be the internal authority on attacking, validating, and explaining real-world AWS attack paths using NodeZero in customer environments.

You’ll help shape the most impactful AWS attack content, and partner closely with Attack Engineering and Product to ensure NodeZero stays aligned with modern cloud attacker tradecraft. This is a high-impact role for someone who is deeply fluent in AWS security and offensive cloud operations, and who enjoys turning cloud chaos into crisp attacker narratives and scalable product feedback.

Ideal candidates are hands-on AWS offensive practitioners who can operate independently, communicate clearly with customers, and thrive in a fast-moving offensive security startup.

We are a fully remote company, and this job may require up to 10% of travel to be successful.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.