Manager, Security Engineering, Cloud & AppSec

Manager, Security Engineering, Cloud & AppSec Get to Know Us Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs. We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results. What You’ll Do This role will lead the engineers responsible for securing our Cloud environments and embedding security into the software development lifecycle. The ideal candidate brings strong technical depth in cloud security, practical application security experience, and the ability to partner effectively across engineering, infrastructure, and compliance. By strengthening both our cloud and application security posture, this role will directly support the security, resilience, and scalability of our platform and internal systems. This role will be responsible for….. - Lead, coach, and grow the Security Engineering team, including both Cloud Security Engineers and Application Security Engineers - Set priorities and operating rhythms for the team, balancing strategic security investments, day-to-day engineering support, and incident response - Design and implement security controls across our Cloud environments, such as but not limited to: AWS, Azure, GCP, Digital Ocean, OCI, etc.., including IAM, SCPs, VPC security, S3 bucket policies, security groups, key management, and logging - Continuously monitor and improve cloud posture by managing and tuning services such as GuardDuty, Security Hub, AWS WAF, CloudTrail, and Inspector - Partner with engineering teams to embed security into the SDLC, including secure design reviews, threat modeling, architecture review, and CI/CD security automation - Lead the application security program, including secure coding practices, vulnerability management, developer enablement, and product security reviews - Continuously monitor and improve application security tooling by managing and tuning services such as SonarQube, Dependency Track, ZAproxy, Trufflehog, Trivy, - Build and maintain GitLab CI/CD pipelines and tooling for automated security testing and scanning of cloud resources and applications - Conduct threat modeling, architecture reviews, and risk assessments for cloud deployments, product features, and new systems - Implement security monitoring, secure systems hardening, and detective controls for malicious activity across AWS and application environments - Respond quickly to new and emerging threats and vulnerabilities; support investigations, post-mortem analysis, root cause identification, and preventive actions - Define and enforce identity and access management best practices, including least privilege, federated identity, role-based access control, and automated remediation - Develop and maintain security policies, standards, and procedures aligned to frameworks such as SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK - Create metrics, reporting, and risk narratives that communicate security posture, trends, and p ... (truncated, view full listing at source)