Threat Hunting & Incident Response Lead Identity

extra holidays
Work set-up: Full Remote
Experience: Senior (5-10 years)

Offer summary

Qualifications:

  • At least 4 years of hands-on incident response experience with expertise in containment, forensics, and remediation.
  • Deep understanding of identity systems and protocols such as Active Directory, Azure AD, SAML, OAuth, and Kerberos.
  • Proficiency in data-driven investigation tools like SQL and Python, and experience with data platforms like Snowflake.
  • Experience leading threat hunting or incident response teams and developing detection methodologies.

Key responsibilities:

  • Proactively hunt for advanced identity threats by analyzing authentication patterns and behavioral signals.
  • Lead investigations into identity-related intrusions across enterprise environments.
  • Simulate identity-based attacks to test security controls and develop detection strategies.
  • Collaborate with teams to respond to identity intrusions and improve detection capabilities.

Silverfort Cybersecurity Scaleup https://www.silverfort.com/

Job description

Description

Silverfort is a cybersecurity startup that develops a revolutionary identity protection platform. Using patented technology, our product enables strong authentication across entire corporate networks and cloud environments, without any modifications to endpoints and servers. In addition, we use advanced behavior analytics to apply adaptive authentication policies and prevent cyberattacks in real time.

Our mission is to provide industry-leading unified identity protection solutions for hybrid and multi-cloud environments. We develop cutting-edge cybersecurity technology that solves urgent customer needs today and is also a game changer for years to come.

Silverfort’s team includes exceptional researchers, engineers, and technology experts who successfully tackle some of the most complex challenges in cybersecurity. Silverfort has happy customers worldwide, strong market validation (including several industry awards), strategic partnerships with the largest security vendors in the world, and significant funding from leading VCs.

We’re looking for a founding member of our Identity Threat Hunting & Incident Response (IR) team: a rare opportunity to define and lead a capability focused on uncovering and stopping sophisticated identity-based threats where traditional security tools fall short.

While most threat hunters focus on endpoints, networks, or malware, your mission will be to track adversaries through identity systems, from Active Directory and cloud IdPs to authentication and authorization flows across hybrid environments. You’ll lead investigations into real-world intrusions, build detection strategies, simulate advanced identity attacks, and work directly with global enterprises to secure their most critical access pathways.

This role combines deep, hands-on technical investigation with high-impact strategic work. You’ll leverage behavioral analytics, authentication telemetry, and large-scale identity data to detect stealthy campaigns. You’ll also help shape detection logic, improve investigative capabilities, and contribute thought leadership through attack simulations, research, and direct customer engagement.


Responsibilities

Identity Threat Hunting

  • Proactively hunt for advanced identity threats by analyzing authentication patterns, access anomalies, and behavioral signals across on-prem and cloud environments
  • Build detection hypotheses and validate them using SQL, Python, and large-scale behavioral data (Snowflake, Pandas, etc.)
  • Uncover stealthy campaigns involving credential misuse, session hijacking, abuse of trust relationships, and identity-based lateral movement

Incident Response Leadership

  • Lead high-impact investigations involving Active Directory, Azure AD, cloud IdPs, and SaaS identity systems
  • Deliver comprehensive IR support, from triage and containment to root cause analysis and remediation planning
  • Collaborate closely with customer teams to respond to identity intrusions across complex enterprise environments

Detection Engineering & R&D

  • Simulate identity-based attacks (e.g., token theft, OAuth abuse, SAML manipulation) to stress-test security controls and generate detections
  • Contribute detection logic, investigation playbooks, and forensic methodologies aligned to the MITRE ATT&CK framework
  • Work with engineering teams to enhance telemetry, automate investigations, and improve product capabilities

Business Development

  • Partner with sales and customer success teams to deliver live threat assessments, demonstrate platform value, and support technical conversations during pre-sales
  • Assist in shaping the go-to-market strategy for identity security services and incident response offerings
  • Represent the company in strategic customer engagements, offering expert insights on identity security risks and mitigation

Requirements

  • 4+ years of hands-on Incident Response experience, with expertise in containment, forensics, and remediation
  • Deep understanding of identity systems and protocols (AD, Azure AD, Okta, SAML, OAuth, Kerberos, etc.)
  • Experience with identity-focused threats and the TTPs adversaries use to exploit authentication and authorization processes
  • Strong skills in data-driven investigation using tools like SQL, Python (Pandas), and modern data platforms (e.g., Snowflake)

Strongly Preferred

  • Experience in leading threat hunting or IR teams and developing new detection methodologies
  • Familiarity with industry tools: SIEM, EDR, identity posture management, and SOAR platforms
  • Publicly shared research, blogs, or talks on identity-based threats
  • Ability to work cross-functionally with product, engineering, and business teams
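To make the "build detection hypotheses and validate them" and "identity-based lateral movement / credential misuse" responsibilities concrete, here is an added example of two such hypotheses run over authentication telemetry. It is illustrative code written for this page, not Silverfort's product logic or part of the posting. It assumes a constructed CSV event format (timestamp, account, source host, destination host, result), a constructed two-day sample in which day one is the behavioral baseline, and chosen thresholds (five distinct destination hosts within ten minutes); it uses only the Python standard library so it runs without Pandas or Snowflake, but each aggregation maps directly to a GROUP BY or window query on the same data.

```python
"""Two identity threat-hunting hypotheses over authentication telemetry.

Added example with constructed data; standard-library Python only.
Hypothesis 1 (fan-out): one account successfully authenticating to many
distinct hosts within a short window is a lateral-movement signature.
Hypothesis 2 (new source): an account authenticating from a source host
it has never used in the baseline period suggests credential misuse.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not real customer data). Day 1 is the baseline,
# day 2 is the hunt period. Format: ts,account,src_host,dst_host,result
SAMPLE_LOG = """\
# baseline day (constructed)
2024-05-01T08:00:00,svc-backup,backup01,fs01,success
2024-05-01T08:05:00,svc-backup,backup01,fs02,success
2024-05-01T09:00:00,alice,ws-017,mail01,success
2024-05-01T09:30:00,alice,ws-017,fs01,success
2024-05-01T10:00:00,bob,ws-023,mail01,success
# hunt day (constructed): svc-backup used from a workstation at 02:00
2024-05-02T02:00:00,svc-backup,ws-042,fs01,success
2024-05-02T02:01:00,svc-backup,ws-042,fs02,success
2024-05-02T02:02:00,svc-backup,ws-042,dc01,success
2024-05-02T02:03:30,svc-backup,ws-042,sql01,success
2024-05-02T02:05:00,svc-backup,ws-042,app01,success
2024-05-02T02:06:00,svc-backup,ws-042,app02,success
2024-05-02T09:00:00,alice,ws-017,mail01,success
2024-05-02T09:05:00,alice,ws-017,fs01,success
2024-05-02T09:06:00,alice,ws-017,fs01,success
2024-05-02T09:10:00,bob,ws-023,sql01,failure
2024-05-02T09:11:00,bob,ws-023,mail01,success
"""
BASELINE_UNTIL = datetime(2024, 5, 2)  # assumed: events before this form the baseline


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    account: str
    src_host: str
    dst_host: str
    success: bool


def parse_events(text):
    """Parse the constructed CSV format into AuthEvents sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, account, src, dst, result = line.split(",")
        events.append(AuthEvent(datetime.fromisoformat(ts), account.lower(),
                                src.lower(), dst.lower(), result == "success"))
    return sorted(events, key=lambda e: e.ts)


def fanout_alerts(events, window=timedelta(minutes=10), threshold=5):
    """Hypothesis 1. Returns {account: (window_start, window_end, hosts)} for
    the first sliding window in which an account reaches `threshold`
    distinct destination hosts via successful authentications."""
    by_account = defaultdict(list)
    for e in events:
        if e.success:
            by_account[e.account].append(e)
    alerts = {}
    for account, evs in by_account.items():
        in_window = Counter()  # destination host -> events inside the window
        start = 0
        for e in evs:
            in_window[e.dst_host] += 1
            # Slide the window start past events older than `window`.
            while e.ts - evs[start].ts > window:
                old = evs[start].dst_host
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                alerts[account] = (evs[start].ts, e.ts, sorted(in_window))
                break
    return alerts


def new_source_alerts(events, baseline_until=BASELINE_UNTIL):
    """Hypothesis 2. Returns ({account: {new source hosts}}, unbaselined) where
    `unbaselined` lists accounts with no baseline at all: a first-seen rule
    cannot judge those, so they are reported separately instead of alerting."""
    baseline = defaultdict(set)
    for e in events:
        if e.success and e.ts < baseline_until:
            baseline[e.account].add(e.src_host)
    alerts, unbaselined = defaultdict(set), set()
    for e in events:
        if not e.success or e.ts < baseline_until:
            continue
        if e.account not in baseline:
            unbaselined.add(e.account)
        elif e.src_host not in baseline[e.account]:
            alerts[e.account].add(e.src_host)
    return dict(alerts), unbaselined


def hunt(text):
    """Run both hypotheses; an account firing both is the strongest lead."""
    events = parse_events(text)
    fanout = fanout_alerts(events)
    new_src, unbaselined = new_source_alerts(events)
    return {"fanout": fanout, "new_source": new_src,
            "unbaselined": unbaselined, "both": sorted(set(fanout) & set(new_src))}


if __name__ == "__main__":
    for name, result in hunt(SAMPLE_LOG).items():
        print(f"{name}: {result}")
```

On the sample, only svc-backup fires: it reaches five distinct hosts between 02:00 and 02:05 from a workstation absent from its baseline, while alice and bob, who repeat their usual sources and targets, stay quiet. The failed authentication is deliberately excluded from both counts, since a single failure says nothing about either hypothesis; in a real hunt the next step would be to pivot on ws-042 and on the logon type and ticket or token data behind those events.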

Required profile

Experience

Level of experience: Senior (5-10 years)
Industry: Cybersecurity
Spoken language(s): English

Other Skills

  • Collaboration
  • Communication
  • Problem Solving
