horizon3ai - Senior Attack Engineer, AWS SME

• ESSENTIAL FUNCTIONS • Research, develop, and validate AWS offensive capabilities for NodeZero — spanning external AWS API attack surfaces, assumed-breach VPC scenarios, and single-account, multi-account, and hybrid deployments. Ensure all capabilities are production-safe, high-signal, and attacker-realistic. • Research and weaponize AWS misconfigurations, vulnerabilities, and emerging attacker techniques, chaining them into meaningful attack scenarios (identity abuse, data access, control-plane compromise) and keeping NodeZero aligned with the fast-changing AWS threat landscape. • Own AWS offensive methodology and playbooks: discovery → exploitation → privilege escalation / lateral movement → verification → customer narrative. • Partner with Attack Engineering and Product to translate AWS field learnings into prioritized roadmap input and productized attack content. • Serve as the AWS security subject matter expert for customer technical briefings, internal enablement, and select external content (blogs, demos, conference talks). • Mentor Cloud Attack teammates and raise the bar for cloud offensive rigor, delivery quality, and customer-facing clarity. • AWS OFFENSIVE SECURITY DEPTH • 7+ years in offensive security with deep AWS specialization. • Strong expertise in AWS security architecture and attacker tradecraft, including: • IAM and identity attack paths (role chaining, federation abuse, privilege escalation) • Resource and data access abuse (S3, RDS, DynamoDB, EBS snapshots, Secrets Manager, Parameter Store) • Compute/container attack patterns (EC2, ECS, EKS, Lambda) • Network/external perimeter and control-plane abuse (VPC misconfigs, SG/NACL issues, API exposure) • Multi-account org/landing zone compromise scenarios • Ability to chain AWS attack paths end-to-end and explain exploitability and impact clearly. • Familiarity with tooling such as Pacu, ScoutSuite, Prowler, CloudSploit, awscli-based tradecraft, or custom cloud offensive tooling. • TECHNICAL / ENGINEERING FLUENCY • Strong Python development skills required, along with the ability to read and modify offensive tooling in Go, C++, C#, or other systems languages. • Strong understanding of cloud platform concepts, APIs, and automation pipelines. • Comfortable with Git and PR workflows; experienced collaborating with engineering teams on productized capabilities. • Working knowledge of CI/CD and infrastructure-as-code patterns, including hands-on familiarity with CloudFormation stacks, Terraform, and CDK, to reason about real customer deployments. • PRODUCT + CUSTOMER ORIENTATION • Proven experience delivering AWS offensive work where customer outcomes matter (consulting, red team, cloud security product, or hybrid). • Ability to translate AWS field realities into crisp product requirements and prioritized feedback. • Excellent communication and storytelling skills for technical and non-technical audiences. • AWS certifications (Security Specialty, Solutions Architect Professional, etc.) are a plus. • Offensive/cloud certifications (OSCP/OSEP/CCSP/CCSK or equivalent). • Public research/blogs/CVEs/open-source contributions related to AWS security. • Experience applying AI/LLM tools to cloud recon, triage, or workflow automation. • Familiarity with Azure/GCP is a bonus but not required. • Highly self-directed with strong judgment in ambiguous cloud environments. • Comfortable being both hands-on and strategic: can dive deep technically and lead the broader AWS attacker narrative. • Operates with urgency while maintaining a high bar for safety, quality, and customer trust. • Strong cross-functional partner who creates tight learning loops between AWS reality and NodeZero product evolution. • We are a fully remote company, and this job may require up to 10% of travel to be successful.