Staff Attack Engineer, OCI

Horizon3.ai, Inc.

Job Overview

Location

US, Remote

Job Type

Full-time

Full Job Description

📋 Description

• Research Oracle Cloud Infrastructure (OCI) services to identify offensive security opportunities across compute, networking, storage, databases, IAM, Kubernetes, and cloud-native services.
• Develop new attack techniques, attack paths, and security assessments specifically targeting OCI environments to enhance the NodeZero platform.
• Build and maintain production-quality Python code that powers autonomous offensive security capabilities within NodeZero.
• Analyze real-world OCI deployments to uncover common attack vectors, misconfigurations, and customer risk patterns.
• Collaborate with software engineers, attack engineers, and offensive security SMEs to integrate new OCI attack capabilities into the NodeZero platform.
• Document research findings, attack methodologies, and technical design decisions with clarity and precision for internal and customer-facing use.
• Help prioritize future OCI attack coverage based on customer demand, emerging threats, and platform strategy.
• Contribute to the technical direction and evolution of NodeZero’s cloud attack capabilities, shaping how OCI assessments are delivered at scale.
• Operate independently to research unfamiliar cloud technologies and rapidly develop expertise in Oracle Cloud Infrastructure.
• Ensure all offensive security research is production-safe and aligned with customer environments, avoiding disruption while maximizing detection coverage.
• Work within a fully remote team to deliver high-impact offensive security capabilities without reliance on physical presence.
• Support the growth of Horizon3.ai’s OCI offensive security strategy as adoption increases among hyperscale enterprises, government agencies, and AI infrastructure providers.
• Maintain alignment with existing cloud attack capabilities for AWS, Azure, and GCP while expanding depth and breadth of OCI-specific coverage.
• Translate complex cloud security concepts into actionable, automated assessments that reduce alert fatigue and eliminate blind spots for customers.
• Participate in cross-functional planning to ensure OCI attack content meets the needs of IT Ops/SecOps teams, consulting pentesters, MSSPs, and MSPs.
• Contribute to a culture of ownership, collaboration, and results-driven innovation within the NodeZero Attack team.

🎯 Requirements

• Hands-on offensive security experience targeting Oracle Cloud Infrastructure (OCI).
• Strong understanding of cloud attack paths and cloud-native security concepts.
• Experience writing Python code for automation, tooling, or offensive security workflows.
• 10+ years of professional software engineering and/or offensive security experience.
• Ability to independently research unfamiliar technologies and rapidly become an expert.
• Strong written communication and technical documentation skills.

🏖️ Benefits

• Base salary range of $247,000 - $275,000.
• Equity package in the form of stock options for all full-time roles.
• Health, vision, and dental insurance for employee and family.
• Flexible vacation policy.
• Generous parental leave.
• Inclusive team culture that values diversity, equity, and inclusion.

Skills & Technologies

Python

AWS

Azure

GCP

Kubernetes

Senior

Remote

$247k-275k

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

AI Job Fit Analysis

Pro

See exactly how your profile matches this role — strengths, skill gaps, and what to do about them.

Horizon3.ai, Inc.

Visit Website

About Horizon3.ai, Inc.

Horizon3.ai provides autonomous security testing and attack surface management software. Its NodeZero platform continuously assesses enterprise networks, clouds, and applications to find exploitable weaknesses, validate fixes, and prioritize risks. The company serves Fortune 500, government, and mid-market organizations seeking proactive defense without manual red teams.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.