Senior Attack Engineer, AWS SME

GET TO KNOW US Horizon3.ai http://Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs. We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results. As a remote first company, we require minimum 25Mbps consumer grade broadband connection. SUMMARY We’re seeking an AWS Subject Matter Expert to join our Cloud Attack team and lead our AWS offensive strategy and execution. This person will be the internal authority on attacking, validating, and explaining real-world AWS attack paths using NodeZero in customer environments. You’ll help shape the most impactful AWS attack content, and partner closely with Attack Engineering and Product to ensure NodeZero stays aligned with modern cloud attacker tradecraft. This is a high-impact role for someone who is deeply fluent in AWS security and offensive cloud operations, and who enjoys turning cloud chaos into crisp attacker narratives and scalable product feedback. Ideal candidates are hands-on AWS offensive practitioners who can operate independently, communicate clearly with customers, and thrive in a fast-moving offensive security startup. ESSENTIAL FUNCTIONS - Research, develop, and validate AWS offensive capabilities for NodeZero — spanning external AWS API attack surfaces, assumed-breach VPC scenarios, and single-account, multi-account, and hybrid deployments. Ensure all capabilities are production-safe, high-signal, and attacker-realistic. - Research and weaponize AWS misconfigurations, vulnerabilities, and emerging attacker techniques, chaining them into meaningful attack scenarios (identity abuse, data access, control-plane compromise) and keeping NodeZero aligned with the fast-changing AWS threat landscape. - Own AWS offensive methodology and playbooks: discovery → exploitation → privilege escalation / lateral movement → verification → customer narrative. - Partner with Attack Engineering and Product to translate AWS field learnings into prioritized roadmap input and productized attack content. - Serve as the AWS security subject matter expert for customer technical briefings, internal enablement, and select external content (blogs, demos, conference talks). - Mentor Cloud Attack teammates and raise the bar for cloud offensive rigor, delivery quality, and customer-facing clarity. COMPETENCIES / REQUIREMENTS AWS OFFENSIVE SECURITY DEPTH - 7+ years in offensive security with deep AWS specialization. - Strong expertise in AWS security architecture and attacker tradecraft, including: - IAM and identity attack paths (role chaining, federation abuse, privilege escalation) - Resource and data access abuse (S3, RDS, DynamoDB, EBS snapshots, Secrets Manager, Parameter Store) - Compute/container attack patterns (EC2, ECS, EKS, Lambda) - Network/external perimeter and control-plane abuse (VPC misconfigs, SG/NACL issues, API exposure) - Multi-account org/landing zone compromise scenarios - Ability to chain AWS attack paths end-to-end and explain exploitability and impact clearly. - Familiarity with tooling such as Pacu, ScoutSuite, Prowler, CloudSploit, awscli-based tradecraft, or custom cloud offensive tooling. TECHNICAL / ENGINEERING FLUENCY - Strong Python development skills required, along with the ability to read and modify offensive tooling in Go, C++, C#, or other systems languages. - Strong understanding of cloud platform concepts, APIs, and automation pipelines. - Comfortable with Git and PR workflows; experienced collaborating with engineering teams on productized capabilities. - Working knowledge of CI/CD and infrastructure-as-code patterns, including hands-on familiarity with CloudFormation stacks, Terraform, and CDK, to reason about real customer deployments. PRODUCT + CUSTOMER ORIENTATION - Proven experience delivering AWS offensive work where customer outcomes matter (consulting, red team, cloud secur