Silverfort

Threat Hunter & Incident Response Lead - Identity

Posted 3 Days Ago
Remote
Hiring Remotely in United States
40K-100K
Senior level
Lead the Identity Threat Hunting & Incident Response team by investigating identity threats, developing detection methodologies and improving security capabilities.
The summary above was generated by AI
Description

Silverfort is a cyber-security startup that develops a revolutionary identity protection platform. Using patented technology, our product enables strong authentication across entire corporate networks and cloud environments, without any modifications to endpoints and servers. In addition, we use advanced behavior analytics to apply adaptive authentication policies and prevent cyber-attacks in real time.

Our mission is to provide industry-leading unified identity protection solutions for hybrid and multi-cloud environments. We develop cutting-edge cybersecurity technology that solves urgent customer needs today and is also a game changer for years to come.

Silverfort’s team includes exceptional researchers, engineers, and technology experts who successfully tackle some of the most complex challenges in cyber-security. Silverfort has happy customers worldwide, strong market validation (including several industry awards), strategic partnerships with the largest security vendors in the world, and significant funding from leading VCs.

We’re looking for a founding member of our Identity Threat Hunting & Incident Response (IR) team: a rare opportunity to define and lead a capability focused on uncovering and stopping sophisticated identity-based threats where traditional security tools fall short.

While most threat hunters focus on endpoints, networks, or malware, your mission will be to track adversaries through identity systems, from Active Directory and cloud IdPs to authentication and authorization flows across hybrid environments. You’ll lead investigations into real-world intrusions, build detection strategies, simulate advanced identity attacks, and work directly with global enterprises to secure their most critical access pathways.

This role combines deep, hands-on technical investigation with high-impact strategic work. You’ll leverage behavioral analytics, authentication telemetry, and large-scale identity data to detect stealthy campaigns. You’ll also help shape detection logic, improve investigative capabilities, and contribute thought leadership through attack simulations, research, and direct customer engagement.


Responsibilities

Identity Threat Hunting

  • Proactively hunt for advanced identity threats by analyzing authentication patterns, access anomalies, and behavioral signals across on-prem and cloud environments
  • Build detection hypotheses and validate them using SQL, Python, and large-scale behavioral data (Snowflake, Pandas, etc.)
  • Uncover stealthy campaigns involving credential misuse, session hijacking, abuse of trust relationships, and identity-based lateral movement

Incident Response Leadership

  • Lead high-impact investigations involving Active Directory, Azure AD, cloud IdPs, and SaaS identity systems
  • Deliver comprehensive IR support from triage and containment to root cause analysis and remediation planning
  • Collaborate closely with customer teams to respond to identity intrusions across complex enterprise environments

Detection Engineering & R&D

  • Simulate identity-based attacks (e.g., token theft, OAuth abuse, SAML manipulation) to stress-test security controls and generate detections
  • Contribute detection logic, investigation playbooks, and forensic methodologies aligned to the MITRE ATT&CK framework
  • Work with engineering teams to enhance telemetry, automate investigations, and improve product capabilities

Business Development

  • Partner with sales and customer success teams to deliver live threat assessments, demonstrate platform value, and support technical conversations during pre-sales
  • Assist in shaping the go-to-market strategy for identity security services and incident response offerings
  • Represent the company in strategic customer engagements, offering expert insights on identity security risks and mitigation

Requirements
  • 4+ years of hands-on Incident Response experience, with expertise in containment, forensics, and remediation
  • Deep understanding of identity systems and protocols (AD, Azure AD, Okta, SAML, OAuth, Kerberos, etc.)
  • Experience with identity-focused threats and the TTPs adversaries use to exploit authentication and authorization processes
  • Strong skills in data-driven investigation using tools like SQL, Python (Pandas), and modern data platforms (e.g., Snowflake)

Strongly Preferred

  • Experience in leading threat hunting or IR teams and developing new detection methodologies
  • Familiarity with industry tools: SIEM, EDR, identity posture management, and SOAR platforms
  • Publicly shared research, blogs, or talks on identity-based threats
  • Ability to work cross-functionally with product, engineering, and business teams

Top Skills

Active Directory
Azure AD
EDR
Kerberos
OAuth
Okta
Pandas
Python
SAML
SIEM
Snowflake
SOAR
SQL


