Senior Internal Red Team Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Horizon3.ai · 5 hours ago

Senior Internal Red Team Engineer

positionUnited States
timeFull-time
remoteRemote
senioritySenior Level
money$195K/yr - $242K/yr
date5+ years exp

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find, fix and verify exploitable attack vectors. They are seeking a highly experienced Senior Internal Red Team Engineer to emulate advanced adversaries, identify vulnerabilities, and enhance the company's security posture.

Artificial Intelligence (AI)Cyber SecurityEnterprise SoftwareMachine LearningNetwork Security

Responsibilities

Conduct comprehensive threat modeling and risk assessments to identify high-value targets, analyze potential attack vectors, and prioritize red team objectives
Design and execute end-to-end, objective-based red team operations targeting our production cloud and web environments, simulating real-world scenarios to test our defenses
Perform deep, security-focused source code reviews (primarily in Python and JavaScript) to identify complex vulnerabilities like logic flaws, injection, and RCE
Lead comprehensive security configuration audits of our AWS, Azure, GCP, Digital Ocean, and Kubernetes (K8s) environments, identifying exploitable misconfigurations, overly permissive IAM policies, and insecure network settings
Assess and test the security of our CI/CD pipelines (e.g., Jenkins, GitLab CI, GitHub Actions, ArgoCD, Crossplane, etc…) to identify attack paths, secret management flaws, and vulnerabilities that could lead to supply chain attacks
Conduct in-depth penetration tests against critical web applications, APIs, and cloud-native services
Actively collaborate with engineering and defensive teams (Blue Team) in purple team exercises to validate findings and improve detection and response capabilities in real-time. Perform retesting for validation of mitigations or remediations
Develop custom tooling, exploits, and automation scripts as required to bypass security controls. Develop and maintain red team methodologies, tools, and infrastructure
Stay abreast of the latest threat intelligence, vulnerabilities, and exploits; research and develop new exploitation techniques relevant to our technology stack
Investigate, own, and report on vulnerabilities, exploit paths, and their business impact. Author clear, detailed reports and present findings to both technical and leadership audiences

Qualification

Cloud penetration testingWeb application penetration testingOffensive security certificationsSource code reviewThreat modelingKubernetes auditingCI/CD pipeline securityModern web application securityOffensive security toolsCommunication skillsProblem-solving aptitudeAdaptability

Required

5+ years of hands-on experience in offensive security, with a demonstrable track record of leading complex web application and cloud penetration tests
Proven ability to read, review, and identify vulnerabilities in source code (especially Python and JavaScript)
Deep, practical experience attacking and auditing cloud environments (eg: AWS, GCP, Azure) environments (e.g., S3, EC2, RDS, IAM, Lambda, Azure Blob Storage, Google Cloud Storage, etc...) and Kubernetes clusters
Must hold one or more advanced, industry-recognized offensive security certifications: OSCP, OSWE, OSCE, CRTO, or GIAC (GCPN, GXPN)
Expert-level knowledge of modern web application security, including the OWASP Top 10, API security, and common framework vulnerabilities
Strong proficiency in common offensive security tools (e.g., Burp Suite, Nmap) and C2 frameworks (e.g., Cobalt Strike, Sliver, Brute Ratel)
Strong written and verbal communication, including technical documentation and the ability to explain technology to non-technical audiences

Preferred

Experience in a blue team, incident response, or system administration role
Experience with other cloud providers (e.g., GCP, Azure)
Experience with OSINT, phishing, and social engineering campaigns
Familiarity with WAF technologies (e.g., AWS WAF, Akamai)
Relevant cloud or K8s certifications (e.g., AWS Certified Security - Specialty, Certified Kubernetes Administrator (CKA))

Benefits

Health, vision & dental insurance for you and your family
Flexible vacation policy
Generous parental leave

Company

Horizon3.ai

twittertwittertwitter
company-logo
Horizon3.ai offers an autonomous penetration testing platform that helps organizations proactively find and fix security vulnerabilities.
dateFounded in 2019
location
San Francisco, California, USA
people-size201-500 employees
web-link
https://www.horizon3.ai

Funding

Current Stage
Late Stage
Total Funding
$178.5M
Key Investors
Prosperity7 VenturesNew Enterprise AssociatesCraft Ventures
2026-01-13Series Unknown
2025-05-22Series D· $100M
2023-08-08Series C· $40M

Leadership Team

leader-logo
Snehal Antani
Co-Founder & CEO
linkedin
leader-logo
Holly Grey
Chief Financial Officer
linkedin

Recent News

Business Wire
Horizon3.ai Secures Investment from Prosperity7 Ventures to Protect AI Datacenters and Critical Infrastructure
2026-01-14
Business Wire
Horizon3.ai Appoints Andres Botero as Chief Marketing Officer to Drive Strategic Growth and Category Leadership
2026-01-07
The Hacker News
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
2025-12-16
Company data provided by crunchbase