Offensive Security Engineer

About The Position

Requirements

• 3–5 years of experience in cybersecurity, with at least 2 years working within an MSSP, SOC, or offensive security consulting team.
• Deep understanding of penetration testing methodologies, the MITRE ATT&CK framework, and common network/cloud lateral movement techniques.
• Strong grasp of enterprise networking (VLANs, firewalls, routing) and hybrid cloud architectures (AWS, Azure, GCP).
• Exceptional ability to explain complex technical vulnerabilities and exploit chains to non-technical executive stakeholders.
• Bachelor’s degree or equivalent practical experience.

Nice To Haves

• Proven hands-on experience with Horizon3.ai NodeZero (certification or accreditation under the Horizon3.ai Vanguard Partner Program is a major plus).
• Horizon3.ai NodeZero Certified Professional / Administrator, CEH (Certified Ethical Hacker), CompTIA PenTest+, or OSCP (Offensive Security Certified Professional).
• Deep knowledge of proactive security validation trends and the evolving automated penetration testing landscape.

Responsibilities

• Configure, deploy, and manage the Horizon3.ai NodeZero platform across diverse multi-tenant client environments, covering internal, external, cloud, and hybrid infrastructures.
• Schedule and execute continuous or on-demand autonomous penetration tests based on client risk profiles, compliance mandates, or zero-day threats.
• Manage licensing, concurrent testing allocations, and IP address allotments across the client tracking registry.
• Analyze complex NodeZero testing outputs to differentiate between theoretical vulnerabilities and actual, exploitable attack vectors.
• Map active attack paths and context-poisoning vectors to help defensive teams isolate systemic security weaknesses.
• Conduct post-remediation security validation testing to scientifically verify that security patches or configuration changes successfully closed the exploit path.
• Translate highly technical attack data into clear, risk-prioritized remediation strategies for client IT and security leaders.
• Conduct strategic Quarterly Business Reviews (QBRs) to visually demonstrate client security posture improvements and measurable security outcomes over time.
• Produce compliance-ready penetration testing artifacts satisfying requirements for frameworks such as SOC 2, HIPAA, PCI-DSS, and ISO 27001.
• Partner closely with internal Blue Teams and SOC Analysts to tune SIEM, EDR, and XDR alerting rules based on insights gained from NodeZero attack loops.
• Support threat modeling initiatives by analyzing automated attack chains and translating them into defensive playbooks.

Benefits

• Comprehensive Health & Wellness: Robust medical insurance options to keep you and your family healthy.
• Employer-Covered Insurance: We fully provide employer-paid Dental coverage, as well as Short-Term (STD) and Long-Term Disability (LTD).
• Generous Time Off: We believe in a true work-life balance. You’ll start with 3 weeks of paid vacation, plus additional sick leave and paid company holidays.
• Growth & Mentorship: Access to world-class training. We support your career trajectory, whether you’re looking to deepen your technical skills or move into leadership.
• Impactful Work: Help protect global clients using the latest AI-enhanced security tools and GCP native technologies.