Silverfort is a cyber-security startup that develops a revolutionary identity protection platform. Using patented technology, our product enables strong authentication across entire corporate networks and cloud environments, without any modifications to endpoints and servers. In addition, we use advanced behavior analytics to apply adaptive authentication policies and prevent cyber-attacks in real time.
Our mission is to provide industry-leading unified identity protection solutions for hybrid and multi-cloud environments. We develop cutting-edge cybersecurity technology that solves urgent customer needs today and is also a game changer for years to come.
Silverfort’s team includes exceptional researchers, engineers, and technology experts who successfully tackle some of the most complex challenges in cyber-security. Silverfort has happy customers worldwide, strong market validation (including several industry awards), strategic partnerships with the largest security vendors in the world, and significant funding from leading VCs.
We’re looking for a talented Threat Hunting & Incident Response Analyst to join our growing Identity Threat Hunting and Response Team. This role offers a unique opportunity to specialize in detecting, investigating, and simulating identity-based threats—where traditional security tools often fall short.
While most threat hunters focus on endpoints, networks, or malware, your mission will be to track adversaries through identity systems—from Active Directory and cloud IdPs to complex authentication and authorization flows across hybrid environments. You’ll support enterprise investigations, help build detection capabilities, and work with security teams around the world to secure their most critical access pathways.
This role combines hands-on investigation work with deep technical analysis. You'll leverage behavioral analytics, authentication telemetry, and large-scale identity data to detect stealthy threat campaigns. You’ll also contribute to detection logic development, attack simulation efforts, and customer-facing research.
Responsibilities
Identity Threat Hunting
- Assist in proactive threat hunting efforts focused on identity misuse, credential abuse, and lateral movement.
- Analyze authentication data and behavioral signals to identify abnormal or malicious activity.
- Help validate hypotheses by working with large-scale identity telemetry using tools like SQL and Python.
- Collaborate with senior team members to refine hunting methodologies and expand detection coverage.
Incident Response Support
- Contribute to ongoing investigations involving identity system compromises across enterprise environments.
- Analyze logs and telemetry from systems like AD, Azure AD, and SaaS IdPs to understand attacker behavior.
- Support triage, containment, and remediation.
- Assist with customer communications and technical documentation related to identity incidents.
Detection Engineering & R&D
- Support simulations of identity-based attacks (e.g., token theft, OAuth abuse, SAML manipulation) to stress-test security controls and generate detections
- Contribute detection logic, investigation playbooks, and forensic methodologies aligned to the MITRE ATT&CK framework
- Work with engineering teams to enhance telemetry, automate investigations, and improve product capabilities
Technical Analysis & Reporting
- Help analyze complex identity activity across multiple systems to support investigations and detections.
- Prepare concise and structured technical documentation for internal teams and customer engagements.
- Contribute to knowledge sharing by supporting development of internal tools, guides, and investigative workflows.
- Support ongoing enhancements to investigative capabilities by contributing technical feedback and improvement ideas.
Requirements
- 3+ years of experience in incident response, compromise assessments, and threat hunting,
- Deep understanding of identity systems and protocols (AD, Azure AD, Okta, SAML, OAuth, Kerberos, etc.)
- Experience with identity-focused threats and the TTPs adversaries use to exploit authentication and authorization processes
- Strong skills in data-driven investigation using tools like SQL, Python (Pandas), and modern data platforms (e.g., Snowflake)
Strongly Preferred
- Familiarity with tools such as SIEM, EDR, SOAR, and identity posture management platforms.
- Experience contributing to or developing detection methodologies.
- Exposure to detection engineering or security product development.
- Research, blogs, or conference presentations related to identity-based threats.
- Ability to work cross-functionally with product, engineering, and business teams.
- Security certifications (e.g., GCIH, GCFA, Azure/AWS security) are a plus.
