First look at $\operatorname{SHA3}(S)$
$\operatorname{SHA3}$ is a cryptographic hash function built for pre-image, secondary pre-image, and collision resistance. If you use $\operatorname{SHA3}-512$ then you will get 512-bit first and second pre-image resistance and 256-bit collision resistance.
In your case, the pre-image resistance is important and the success of finding the pre-image is a negligible event. On average the attacker needs to try $2^{512}$ different inputs to find a pre-image.
The only problematic case here is the size of the secret. If the secret is smaller the 512-bit then the pre-image security is not 512-bit, it is $= \min\{512,bitLen(secret)\}$ since the attacker needs to search only this space. Therefore keep the secret at least larger than 256‡ bit to achieve at least 256-bit security.
$h = \operatorname{SHA3}(K + \operatorname{SHA3}(S))$
The attacher gets the $K$ and $h$. As above, this time with full pre-image (512-bit) resistance will prevent the attacker to get $SHA3(S)$ yet alone accessing $S$. However, they can still search for $S$ so still, we have $ \min\{512,bitLen(secret)\}$ security. Good secret size for $S$ is required, again.
Even a single $\operatorname{SHA3}$ call is enough, the double $\operatorname{SHA3}$ call is overkill with a good key (secret) size.
Your construction is similar to HMAC where the double hash is used since MD hash functions are vulnerable to length extension attacks. SHA3, on the other hand, has resistance to this like BLAKE2.
There is already MAC construction from SHA3 called KMAC which is in simple terms thanks to resistance to length extension attacks
$$\operatorname{KMAC}(key,m) = \operatorname{SHA3}( key\mathbin\|m)$$
in your notation
$$\operatorname{KMAC}(S,K) = \operatorname{SHA3}( S\mathbin\|K)$$
This is secure a secure MAC and doesn't reveal the key to the attacker by any means. You can simply use KMAC to achieve what you want with a good key size!
‡Some may argue that 128-bit security is enough. However, future developments like Cryptographical Quantum computers are a threat to 128-bit pre-images of hash functions and as a countermeasure to multi-target attacks, too, one should use at least 256-bit security.