Horizon3.ai is a fast-growing, remote cybersecurity company focused on enabling organizations to proactively identify and mitigate exploitable attack vectors. They are seeking a Senior Attack Engineer, AWS SME to lead their AWS offensive strategy, develop attack content, and serve as the internal authority on real-world AWS attack paths using their NodeZero platform.
Responsibilities:
- Research, develop, and validate AWS offensive capabilities for NodeZero — spanning external AWS API attack surfaces, assumed-breach VPC scenarios, and single-account, multi-account, and hybrid deployments. Ensure all capabilities are production-safe, high-signal, and attacker-realistic
- Research and weaponize AWS misconfigurations, vulnerabilities, and emerging attacker techniques, chaining them into meaningful attack scenarios (identity abuse, data access, control-plane compromise) and keeping NodeZero aligned with the fast-changing AWS threat landscape
- Own AWS offensive methodology and playbooks: discovery → exploitation → privilege escalation / lateral movement → verification → customer narrative
- Partner with Attack Engineering and Product to translate AWS field learnings into prioritized roadmap input and productized attack content
- Serve as the AWS security subject matter expert for customer technical briefings, internal enablement, and select external content (blogs, demos, conference talks)
- Mentor Cloud Attack teammates and raise the bar for cloud offensive rigor, delivery quality, and customer-facing clarity
Requirements:
- 7+ years in offensive security with deep AWS specialization
- Strong expertise in AWS security architecture and attacker tradecraft, including:
  - IAM and identity attack paths (role chaining, federation abuse, privilege escalation)
  - Resource and data access abuse (S3, RDS, DynamoDB, EBS snapshots, Secrets Manager, Parameter Store)
  - Compute/container attack patterns (EC2, ECS, EKS, Lambda)
  - Network/external perimeter and control-plane abuse (VPC misconfigs, SG/NACL issues, API exposure)
  - Multi-account org/landing zone compromise scenarios
- Ability to chain AWS attack paths end-to-end and explain exploitability and impact clearly
- Familiarity with tooling such as Pacu, ScoutSuite, Prowler, CloudSploit, awscli-based tradecraft, or custom cloud offensive tooling
- Strong Python development skills required, along with the ability to read and modify offensive tooling in Go, C++, C#, or other systems languages
- Strong understanding of cloud platform concepts, APIs, and automation pipelines
- Comfortable with Git and PR workflows; experienced collaborating with engineering teams on productized capabilities
- Working knowledge of CI/CD and infrastructure-as-code patterns, including hands-on familiarity with CloudFormation stacks, Terraform, and CDK, to reason about real customer deployments
- Proven experience delivering AWS offensive work where customer outcomes matter (consulting, red team, cloud security product, or hybrid)
- Ability to translate AWS field realities into crisp product requirements and prioritized feedback
- Excellent communication and storytelling skills for technical and non-technical audiences
- Highly self-directed with strong judgment in ambiguous cloud environments
- Comfortable being both hands-on and strategic: can dive deep technically and lead the broader AWS attacker narrative
- Operates with urgency while maintaining a high bar for safety, quality, and customer trust
- Strong cross-functional partner who creates tight learning loops between AWS reality and NodeZero product evolution
- AWS certifications (Security Specialty, Solutions Architect Professional, etc.) are a plus
- Offensive/cloud certifications (OSCP/OSEP/CCSP/CCSK or equivalent)
- Public research/blogs/CVEs/open-source contributions related to AWS security
- Experience applying AI/LLM tools to cloud recon, triage, or workflow automation
- Familiarity with Azure/GCP is a bonus but not required