Threat Hunting & Incident Response Analyst – Identity

extra holidays
Work set-up: Full Remote
Contract: 
Experience: Mid-level (2-5 years)
Work from: 

Offer summary

Qualifications:

  • Minimum of 3 years of experience in incident response and threat hunting.
  • Deep understanding of identity systems such as Active Directory, Azure AD, and SAML.
  • Proficiency in data analysis tools like SQL and Python for investigation.
  • Knowledge of identity-based attack techniques and security protocols.

Key responsibilities:

  • Conduct proactive threat hunting focused on identity misuse and credential abuse.
  • Support incident response efforts by analyzing logs and telemetry from identity systems.
  • Develop and refine detection logic and investigation playbooks for identity threats.
  • Assist in technical analysis and documentation for investigations and detections.

Silverfort Cybersecurity Scaleup https://www.silverfort.com/

Job description

Description

Silverfort is a cybersecurity startup that develops a revolutionary identity protection platform. Using patented technology, our product enables strong authentication across entire corporate networks and cloud environments, without any modifications to endpoints and servers. In addition, we use advanced behavior analytics to apply adaptive authentication policies and prevent cyberattacks in real time.

Our mission is to provide industry-leading unified identity protection solutions for hybrid and multi-cloud environments. We develop cutting-edge cybersecurity technology that solves urgent customer needs today and is also a game changer for years to come.

Silverfort’s team includes exceptional researchers, engineers, and technology experts who successfully tackle some of the most complex challenges in cybersecurity. Silverfort has happy customers worldwide, strong market validation (including several industry awards), strategic partnerships with the largest security vendors in the world, and significant funding from leading VCs.

We’re looking for a talented Threat Hunting & Incident Response Analyst to join our growing Identity Threat Hunting and Response Team. This role offers a unique opportunity to specialize in detecting, investigating, and simulating identity-based threats—where traditional security tools often fall short.

While most threat hunters focus on endpoints, networks, or malware, your mission will be to track adversaries through identity systems—from Active Directory and cloud IdPs to complex authentication and authorization flows across hybrid environments. You’ll support enterprise investigations, help build detection capabilities, and work with security teams around the world to secure their most critical access pathways.

This role combines hands-on investigation work with deep technical analysis. You’ll leverage behavioral analytics, authentication telemetry, and large-scale identity data to detect stealthy threat campaigns. You’ll also contribute to detection logic development, attack simulation efforts, and customer-facing research.


Responsibilities

Identity Threat Hunting

  • Assist in proactive threat hunting efforts focused on identity misuse, credential abuse, and lateral movement.
  • Analyze authentication data and behavioral signals to identify abnormal or malicious activity.
  • Help validate hypotheses by working with large-scale identity telemetry using tools like SQL and Python.
  • Collaborate with senior team members to refine hunting methodologies and expand detection coverage.
Incident Response Support

  • Contribute to ongoing investigations involving identity system compromises across enterprise environments.
  • Analyze logs and telemetry from systems like AD, Azure AD, and SaaS IdPs to understand attacker behavior.
  • Support triage, containment, and remediation.
  • Assist with customer communications and technical documentation related to identity incidents.

Detection Engineering & R&D

  • Support simulations of identity-based attacks (e.g., token theft, OAuth abuse, SAML manipulation) to stress-test security controls and generate detections.
  • Contribute detection logic, investigation playbooks, and forensic methodologies aligned to the MITRE ATT&CK framework.
  • Work with engineering teams to enhance telemetry, automate investigations, and improve product capabilities.

Technical Analysis & Reporting

  • Help analyze complex identity activity across multiple systems to support investigations and detections.
  • Prepare concise and structured technical documentation for internal teams and customer engagements.
  • Contribute to knowledge sharing by supporting development of internal tools, guides, and investigative workflows.
  • Support ongoing enhancements to investigative capabilities by contributing technical feedback and improvement ideas.


Requirements

  • 3+ years of experience in incident response, compromise assessments, and threat hunting.
  • Deep understanding of identity systems and protocols (AD, Azure AD, Okta, SAML, OAuth, Kerberos, etc.).
  • Experience with identity-focused threats and the TTPs adversaries use to exploit authentication and authorization processes.
  • Strong skills in data-driven investigation using tools like SQL, Python (Pandas), and modern data platforms (e.g., Snowflake).

Strongly Preferred

  • Familiarity with tools such as SIEM, EDR, SOAR, and identity posture management platforms.
  • Experience contributing to or developing detection methodologies.
  • Exposure to detection engineering or security product development.
  • Research, blogs, or conference presentations related to identity-based threats.
  • Ability to work cross-functionally with product, engineering, and business teams.
  • Security certifications (e.g., GCIH, GCFA, Azure/AWS security) are a plus.

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry: Cybersecurity
Spoken language(s): English

Other Skills

  • Research
  • Collaboration
  • Communication
  • Problem Solving
