Senior Manager, Attack Engineering

Posted Yesterday
Be an Early Applicant
Hiring Remotely in US
Remote
235K-280K Annually
Senior level
Artificial Intelligence • Cybersecurity
The Role
Lead and scale an External Attack Engineering team to design, validate, and productize offensive capabilities targeting public-facing infrastructure, SaaS, and identity-driven attack surfaces. Own technical strategy, mentor engineers, drive discovery-to-verification attack methodologies, partner with Product to translate findings into platform features, engage customers, and ensure production-safe, high-signal capabilities aligned with modern attacker tradecraft.
Summary Generated by Built In

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find and fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by ITOps/SecOps teams, consulting pentesters, and MSSPs and MSPs. 

We are a fusion of former U.S. Special Operations cyber operators, startup engineers, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools, false positives resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results.

 

Summary

We’re seeking an experienced Engineering Manager to lead our External Attack Engineering organization. In this role, you’ll oversee a team responsible for designing, validating, and scaling offensive capabilities within the NodeZero platform targeting the modern external attack surface, including public-facing infrastructure, SaaS platforms, and externally-facing enterprise commercial software.

You’ll operate at the intersection of offensive security, engineering, and product, driving both hands-on technical direction and strategic execution. This leader will ensure our external attack capabilities reflect real-world attacker tradecraft while remaining production-safe, high-signal, and impactful for customers.

Ideal candidates bring a strong mix of technical depth, leadership experience, and product mindset, and are excited to build and scale a team shaping the future of autonomous offensive security.

Essential FunctionsLeadership & Team Development
  • Lead and grow a team of Attack and Full-Stack Engineers specializing in the External Attack Surface, including Commercial and SaaS platform.

  • Set technical direction, priorities, and quality standards for external offensive capabilities.

  • Mentor engineers and raise the bar for offensive rigor, delivery quality, and customer-facing clarity.

  • Drive hiring and organizational scaling as the External Attack team expands.

External Attack Strategy & Execution (Hack, Fix, Verify, Repeat)
  • Own offensive strategy across:

    • External and Public-facing platforms and infrastructure

    • Enterprise SaaS and externally-facing enterprise commercial software

    • Identity, SaaS providers, and enterprise platform layers

  • Guide development of end-to-end attack methodologies (Discovery → verification):

    • Drive continuous, at-scale discovery of public-facing external assets.

    • Evaluate identity-centric threats by leveraging dark web and open-source intelligence to simulate credential compromise and phishing consequences.

    • Implement stealth-oriented authentication and password testing methodologies reflecting modern attacker tradecraft.

    • Simulate access abuse and data exfiltration across critical SaaS-based knowledge and information management ecosystems.

  • Ensure NodeZero capabilities are realistic, production-safe, and aligned with modern attacker tradecraft.

Product & Cross-Functional Partnership
  • Partner with Product and Design to translate field insights into prioritized roadmap input and productized capabilities.

  • Create tight feedback loops between real-world attack findings and platform evolution.

  • Help define next-generation attack surfaces across cloud and AI systems.

  • Own the UI/UX and product design for the external attack surface and perimeter breach scenarios, including simplifying the configuration of attack operations and developing visualizations that translate complex attack paths into clear, actionable storytelling regarding customer risk, exploitability, and findings.

Customer & External Impact
  • Oversee high-impact customer engagements and technical briefings.

  • Ensure clear articulation of exploitability, business impact, and remediation.

  • Contribute to external content such as blogs, demos, and thought leadership where appropriate.

Competencies / RequirementsLeadership
  • 5+ years leading offensive security, red team, or attack engineering teams.

  • Experience managing teams of 6–10+ engineers and scaling organizations.

  • Proven ability to balance hands-on technical depth with strategic leadership.

External Attack Surface Expertise
  • Strong expertise in one or more:

    • External/Public-facing infrastructure attack surfaces

    • Enterprise SaaS platforms and externally-facing enterprise commercial software

    • Identity and access abuse across diverse ecosystems

  • Deep understanding of:

    • Common misconfigurations and exploitation paths in external platforms

    • System-level compromise and lateral movement in externally-facing enterprise commercial software

    • Complex multi-platform attack scenarios

  • Ability to chain attack paths end-to-end and clearly explain impact.

Technical / Engineering Fluency
  • Strong background in software engineering (Python preferred). Experience with APIs, cloud automation, and infrastructure tooling.

  • Familiarity with CI/CD and infrastructure-as-code (Terraform, CloudFormation, etc.).

  • Comfortable working with Git, MR workflows, and product development cycles.

Product + Customer Orientation
  • Experience translating offensive findings into product capabilities.

  • Strong communication skills across technical and non-technical audiences.

  • Customer-first mindset with focus on real-world impact.

Desired Skills
  • Experience across diverse environments, including cloud infrastructure, enterprise SaaS, and externally-facing enterprise commercial software.

  • Familiarity with AI/LLM systems and associated attack surfaces.

  • Experience in security tooling, red teaming, or offensive engineering products.

  • Relevant security certifications (e.g., OSCP, cloud or SaaS security) are a plus.

  • Public research, blogs, or open-source contributions related to external attack surfaces.

Expectations
  • Highly self-directed and effective in ambiguous environments.

  • Able to operate at both strategic and hands-on technical levels.

  • Maintains high standards for quality, safety, and customer trust.

  • Strong cross-functional partner across Engineering, Product, and GTM.

  • Manage an on-call rotation for the team, ensuring appropriate coverage and response to critical incidents.

 
Travel Required

This job may require up to 10% travel.

 

Perks of Horizon3.ai

  • Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.

  • Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.

  • Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.

  • Hybrid & Remote Work: We embrace a mix of remote and hybrid work models depending on role and location, including our Chicago office, where some roles require regular in-office presence.

  • Competitive Compensation: We offer competitive salary, equity and benefits. Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.

Compensation and Values

At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.

In accordance with various State’s transparency regulations, we provide the following salary range information for this position:

  • Base salary range: $235,000 - $280,000 annually. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.

  • Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.

You Belong Here

Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, or any other legally protected status by law.

Our commitment to diversity and inclusion means we strive to attract, develop, and retain a workforce that reflects the varied communities we serve. We believe that diverse perspectives drive innovation and strengthen our ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth.

We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice. 

Application Note

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Skills Required

  • 5+ years leading offensive security, red team, or attack engineering teams.
  • Experience managing teams of 6-10+ engineers and scaling organizations.
  • Strong expertise in external/public-facing infrastructure, enterprise SaaS platforms, or identity and access abuse.
  • Strong background in software engineering.
  • Python (preferred).
  • Familiarity with CI/CD and infrastructure-as-code (Terraform, CloudFormation, etc.).
  • Comfortable working with Git, merge request workflows, and product development cycles.
  • Experience translating offensive findings into product capabilities and clear customer-facing artifacts.
  • Strong communication skills across technical and non-technical audiences.
  • Ability to manage an on-call rotation and respond to critical incidents.
  • Familiarity with AI/LLM systems and associated attack surfaces.
  • Experience in security tooling, red teaming, or offensive engineering products.
  • Relevant security certifications (e.g., OSCP, cloud or SaaS security) are a plus.
  • Public research, blogs, or open-source contributions related to external attack surfaces.

Horizon3.ai Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Horizon3.ai and has not been reviewed or approved by Horizon3.ai.

  • Fair & Transparent Compensation Pay is considered competitive across key roles, with employer language and role ranges positioning compensation as market-aligned. Feedback suggests compensation is viewed favorably, particularly in technical positions.
  • Equity Value & Accessibility Equity is positioned as a core part of total rewards, with stock options broadly available to full-time employees. Feedback suggests equity and related programs enhance overall compensation.
  • Leave & Time Off Breadth Time off is described as at least four weeks plus generous holidays and vacation packages globally. Feedback suggests this breadth of leave contributes to positive perceptions of total rewards.

Horizon3.ai Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: San Francisco, CA
107 Employees
Year Founded: 2019

What We Do

Horizon3.ai's mission is to help you find and fix attack vectors before attackers can exploit them. NodeZero, our autonomous penetration testing solution, enables organizations to continuously assess the security posture of their enterprise, including external, identity, on-prem, IoT, and cloud attack surfaces. Like APTs, ransomware, and other threat actors, our algorithms discover and fingerprint your attack surface, identifying the ways exploitable vulnerabilities, misconfigurations, harvested credentials, and dangerous product defaults can be chained together to facilitate a compromise. NodeZero is a true self-service SaaS offering that is safe to run in production and requires no persistent or credentialed agents. You will see your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited. Founded in 2019 by industry, US Special Operations, and US National Security veterans, Horizon3.ai is headquartered in San Francisco, CA, and made in the USA.

Similar Jobs

CrowdStrike Logo CrowdStrike

Public Relations Manager

Cloud • Computer Vision • Information Technology • Sales • Security • Cybersecurity
Remote or Hybrid
USA
11000 Employees
110K-160K Annually

Pluralsight Logo Pluralsight

Architect

Edtech • Information Technology • Software
Remote or Hybrid
USA
1000 Employees
165K-220K Annually

Pager Health Logo Pager Health

Vice President, Sales

Artificial Intelligence • Healthtech • Mobile • Software • Telehealth • Generative AI
Remote
US
366 Employees

Optum Logo Optum

Associate Director, Surest Benefit Strategist - Remote

Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
In-Office or Remote
Minnetonka, MN, USA
160000 Employees
113K-193K Annually

Similar Companies Hiring

Legora Thumbnail
Artificial Intelligence • Legal Tech • Software
Chicago, Illinois
700 Employees
Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account