Staff Attack Engineer, OCI
About the role
Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find, fix, and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs. We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox" security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results.
What You’ll Do
- Research Oracle Cloud Infrastructure services and identify offensive security opportunities across the platform.
- Develop new attack techniques, attack paths, and security assessments targeting OCI environments.
- Build and maintain production-quality Python code that powers NodeZero attack capabilities.
- Conduct offensive security research against OCI compute, networking, storage, databases, IAM, Kubernetes, and cloud-native services.
- Analyze real-world OCI deployments to identify common attack vectors and customer risk patterns.
- Collaborate closely with software engineers, attack engineers, and offensive security SMEs to bring new capabilities into production.
- Document research findings, attack methodologies, and technical design decisions.
- Help prioritize future OCI attack coverage based on customer demand and emerging threats.
- Contribute to the technical direction of NodeZero's cloud attack capabilities.
Required
- Hands-on offensive security experience targeting Oracle Cloud Infrastructure (OCI).
- A strong understanding of cloud attack paths and cloud-native security concepts.
- Experience with web application testing, cloud penetration testing, external assessments, or red team operations.
- Experience writing Python code for automation, tooling, or offensive security workflows.
- The ability to independently research unfamiliar technologies and rapidly become an expert.
- Strong written communication and technical documentation skills.
- A passion for building products, not just finding vulnerabilities.
- 10+ years of professional software engineering and/or offensive security experience.
PREFERRED
- Experience attacking OCI Kubernetes Engine (OKE).
- Experience with cloud privilege escalation and identity attacks.
- Experience developing offensive security tooling.
- Familiarity with AWS, Azure, or GCP offensive security.
- Experience integrating security research into production software.
- Knowledge of vulnerability management and attack path analysis.
Travel Required
We are a fully remote company, and this job may require up to 10% of travel to be successful.
Compensation and Values
At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.
Additional Information
Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave. You Belong Here Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, hair length or any other legally protected status by law. Our commitment to diversity and inclusion means we strive to attract, develop, and retain a workforce that reflects the varied communities we serve. We believe that diverse perspectives drive innovation and strengthen our ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth. We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.
Application Note
In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.