Original listing text, shown exactly as published by the company.
Competencies / Requirements
AWS Offensive Security Depth
- 7+ years in offensive security with deep AWS specialization.
- Strong expertise in AWS security architecture and attacker tradecraft, including:
  - IAM and identity attack paths (role chaining, federation abuse, privilege escalation)
  - Resource and data access abuse (S3, RDS, DynamoDB, EBS snapshots, Secrets Manager, Parameter Store)
  - Compute/container attack patterns (EC2, ECS, EKS, Lambda)
  - Network/external perimeter and control-plane abuse (VPC misconfigs, SG/NACL issues, API exposure)
  - Multi-account org/landing zone compromise scenarios
- Ability to chain AWS attack paths end-to-end and explain exploitability and impact clearly.
- Familiarity with tooling such as Pacu, ScoutSuite, Prowler, CloudSploit, awscli-based tradecraft, or custom cloud offensive tooling.
Technical / Engineering Fluency
- Strong Python development skills required, along with the ability to read and modify offensive tooling in Go, C++, C#, or other systems languages.
- Strong understanding of cloud platform concepts, APIs, and automation pipelines.
- Comfortable with Git and PR workflows; experienced collaborating with engineering teams on productized capabilities.
- Working knowledge of CI/CD and infrastructure-as-code patterns, including hands-on familiarity with CloudFormation stacks, Terraform, and CDK, to reason about real customer deployments.
Product + Customer Orientation
- Proven experience delivering AWS offensive work where customer outcomes matter (consulting, red team, cloud security product, or hybrid).
- Ability to translate AWS field realities into crisp product requirements and prioritized feedback.
- Excellent communication and storytelling skills for technical and non-technical audiences.
Desired Skills
- AWS certifications (Security Specialty, Solutions Architect Professional, etc.) are a plus.
- Offensive/cloud certifications (OSCP/OSEP/CCSP/CCSK or equivalent).
- Public research/blogs/CVEs/open-source contributions related to AWS security.
- Experience applying AI/LLM tools to cloud recon, triage, or workflow automation.
- Familiarity with Azure/GCP is a bonus but not required.
Expectations
- Highly self-directed with strong judgment in ambiguous cloud environments.
- Comfortable being both hands-on and strategic: can dive deep technically and lead the broader AWS attacker narrative.
- Operates with urgency while maintaining a high bar for safety, quality, and customer trust.
- Strong cross-functional partner who creates tight learning loops between AWS reality and NodeZero product evolution.
Travel Required
We are a fully remote company, and this job may require up to 10% travel to be successful.
Compensation and Values
At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.
In accordance with various states' pay transparency regulations, we provide the following salary range information for this position:
- Base salary range (based on level):
  - P3, Tier 1–2: $181,000 – $223,000
  - P4, Tier 1–2: $196,000 – $242,000
- This position may be filled at either the P3 or P4 level depending on experience, skills, and interview performance. Final compensation is further determined by Tier 1 vs. Tier 2 location alignment.
- Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.
Application Note
In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.