Company: Horizon3 AI
Location: US, EST, PST
Languages: English
Seniority level: Senior, 5+ years
Experience: 5+ years
Skills: AWS, Python, Cybersecurity, GCP, JavaScript, Kubernetes, Azure, CI/CD, RESTful APIs
- 5+ years of hands-on experience in offensive security
- Demonstrable track record of leading complex web application and cloud penetration tests
- Proven ability to read, review, and identify vulnerabilities in source code (especially Python and JavaScript)
- Deep, practical experience attacking and auditing cloud environments (AWS, GCP, Azure) and Kubernetes clusters
- Must hold one or more advanced, industry-recognized offensive security certifications: OSCP, OSWE, OSCE, CRTO, or GIAC (GCPN, GXPN)
- Expert-level knowledge of modern web application security, including the OWASP Top 10, API security, and common framework vulnerabilities
- Strong proficiency in common offensive security tools (Burp Suite, Nmap) and C2 frameworks (Cobalt Strike, Sliver, Brute Ratel)
- Strong written and verbal communication skills
- Conduct comprehensive threat modeling and risk assessments
- Design and execute end-to-end, objective-based red team operations
- Perform deep, security-focused source code reviews (Python and JavaScript)
- Lead comprehensive security configuration audits of AWS, Azure, GCP, DigitalOcean, and Kubernetes environments
- Assess and test the security of CI/CD pipelines
- Conduct in-depth penetration tests against critical web applications, APIs, and cloud-native services
- Collaborate with engineering and defensive teams in purple team exercises
- Develop custom tooling, exploits, and automation scripts
- Stay abreast of the latest threat intelligence, vulnerabilities, and exploits
- Investigate, own, and report on vulnerabilities, exploit paths, and their business impact