Senior Internal Red Team Engineer
Horizon3.ai
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇺🇸 United States
Visit company websiteSalary
💰 $195,000 - $242,000 per year
Job Level
Senior
Tech Stack
AWSAzureCloudGoogle Cloud PlatformJavaScriptPython
About the role
- Conduct comprehensive threat modeling and risk assessments
- Design and execute end-to-end, objective-based red team operations
- Perform deep, security-focused source code reviews
- Lead comprehensive security configuration audits of cloud environments
- Assess and test the security of CI/CD pipelines
- Conduct in-depth penetration tests against critical web applications
- Actively collaborate with engineering and defensive teams in purple team exercises
- Develop custom tooling, exploits, and automation scripts as required
- Stay abreast of the latest threat intelligence, vulnerabilities, and exploits
- Investigate, own, and report on vulnerabilities, exploit paths, and their business impact
Requirements
- 5+ years of hands-on experience in offensive security
- Proven ability to read, review, and identify vulnerabilities in source code (especially Python and JavaScript)
- Deep, practical experience attacking and auditing cloud environments (e.g., AWS, GCP, Azure)
- Must hold one or more advanced, industry-recognized offensive security certifications: OSCP, OSWE, OSCE, CRTO, or GIAC (GCPN, GXPN)
- Expert-level knowledge of modern web application security, including the OWASP Top 10, API security, and common framework vulnerabilities
- Strong proficiency in common offensive security tools (e.g., Burp Suite, Nmap) and C2 frameworks (e.g., Cobalt Strike, Sliver, Brute Ratel)
- Strong written and verbal communication
Benefits
- Health insurance
- Vision insurance
- Dental insurance
- Flexible vacation policy
- Generous parental leave
- Stock options
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
offensive securitysource code reviewpenetration testingthreat modelingrisk assessmentcloud security auditingCI/CD pipeline securityvulnerability assessmentexploit developmentautomation scripting
Soft skills
collaborationcommunication
Certifications
OSCPOSWEOSCECRTOGIAC GCPNGIAC GXPN