Manager, Attack Engineering

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find and fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by ITOps/SecOps teams, consulting pentesters, and MSSPs and MSPs. 

We are a fusion of former U.S. Special Operations cyber operators, startup engineers, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools, false positives resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results.

We’re seeking an experienced Engineering Manager to lead our Cloud Attack organization across AWS, Azure, Kubernetes, OCI, GCP, and emerging AI-driven environments. In this role, you’ll oversee a team responsible for designing, validating, and scaling offensive capabilities within the NodeZero platform targeting modern cloud and enterprise systems.

You’ll operate at the intersection of offensive security, engineering, and product, driving both hands-on technical direction and strategic execution. This leader will ensure our cloud attack capabilities reflect real-world attacker tradecraft while remaining production-safe, high-signal, and impactful for customers.

Ideal candidates bring a strong mix of technical depth, leadership experience, and product mindset, and are excited to build and scale a team shaping the future of autonomous offensive security.

• Lead and grow a team of Attack Engineers specializing in cloud providers, container orchestration platforms, and AI systems (AWS, Azure, OCI, GCP, Kubernetes).

• Set technical direction, priorities, and quality standards for cloud offensive capabilities.

• Mentor engineers and raise the bar for offensive rigor, delivery quality, and customer-facing clarity.

• Drive hiring and organizational scaling as the Cloud Ops team expands.

• Own offensive strategy across:

  • AWS, Azure, OCI, GCP and multi-cloud environments

  • Kubernetes and container ecosystems

  • Identity, access, and enterprise platform layers

  • AI/LLM-integrated systems

• Guide development of end-to-end attack methodologies:

  • Discovery → exploitation → privilege escalation → lateral movement → impact → verification

• Ensure NodeZero capabilities are realistic, production-safe, and aligned with modern attacker tradecraft.

• Partner with Product and Design to translate field insights into prioritized roadmap input and productized capabilities.

• Create tight feedback loops between real-world attack findings and platform evolution.

• Help define next-generation attack surfaces across cloud and AI systems.

• Oversee high-impact customer engagements and technical briefings.

• Ensure clear articulation of exploitability, business impact, and remediation.

• Contribute to external content such as blogs, demos, and thought leadership where appropriate.

• 5+ years leading offensive security, red team, or attack engineering teams.

• Experience managing teams of 6–10+ engineers and scaling organizations.

• Proven ability to balance hands-on technical depth with strategic leadership.

• Strong expertise in one or more:

  • AWS, Azure, OCI, or GCP attack surfaces

  • Kubernetes / container security

  • Identity and access abuse (IAM, RBAC, federation, privilege escalation)

• Deep understanding of:

  • cloud misconfigurations and exploitation paths

  • data access and control-plane compromise

  • multi-account / multi-tenant attack scenarios

• Ability to chain attack paths end-to-end and clearly explain impact.

• Strong background in software engineering (Python preferred). Experience with APIs, cloud automation, and infrastructure tooling.

• Familiarity with CI/CD and infrastructure-as-code (Terraform, CloudFormation, etc.).

• Comfortable working with Git, MR workflows, and product development cycles.

• Experience translating offensive findings into product capabilities.

• Strong communication skills across technical and non-technical audiences.

• Customer-first mindset with focus on real-world impact.

• Experience across multi-cloud environments (AWS + Azure preferred).

• Familiarity with AI/LLM systems and associated attack surfaces.

• Experience in security tooling, red teaming, or cloud security products.

• Certifications (AWS, OSCP, cloud security) are a plus.

• Public research, blogs, or open-source contributions in cloud security.
  

• Highly self-directed and effective in ambiguous environments.

• Able to operate at both strategic and hands-on technical levels.

• Maintains high standards for quality, safety, and customer trust.

• Strong cross-functional partner across Engineering, Product, and GTM.

We are a fully remote company, and this job may require up to 10% travel.

Perks of Horizon3.ai

• Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.

• Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.

• Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.

• Remote Work: We are a 100% remote company. Enjoy the convenience and work-life balance that comes with remote work. 

• Competitive Compensation: We offer competitive salary, equity and benefits. Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.

Compensation and Values

At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.

In accordance with various State’s transparency regulations, we provide the following salary range information for this position:

• Base salary range: $180,000 - $230,000 annually. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.

• Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.

You Belong Here

Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, or any other legally protected status by law.

Our commitment to diversity and inclusion means we strive to attract, develop, and retain a workforce that reflects the varied communities we serve. We believe that diverse perspectives drive innovation and strengthen our ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth.

We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.