Company Name: Silverfort
Job Details: Hiring remotely in the United States; Remote; Senior level
Job Url: https://builtin.com/job/threat-hunting-incident-response-lead-identity/6662579

Job Description

Description

Silverfort is a cyber-security startup that develops a revolutionary identity protection platform. Using patented technology, our product enables strong authentication across entire corporate networks and cloud environments, without any modifications to endpoints and servers. In addition, we use advanced behavior analytics to apply adaptive authentication policies and prevent cyber-attacks in real time.

Our mission is to provide industry-leading unified identity protection solutions for hybrid and multi-cloud environments. We develop cutting-edge cybersecurity technology that solves urgent customer needs today and is also a game changer for years to come.

Silverfort's team includes exceptional researchers, engineers, and technology experts who successfully tackle some of the most complex challenges in cyber-security. Silverfort has happy customers worldwide, strong market validation (including several industry awards), strategic partnerships with the largest security vendors in the world, and significant funding from leading VCs.

We're looking for a founding member of our Identity Threat Hunting & Incident Response (IR) team: a rare opportunity to define and lead a capability focused on uncovering and stopping sophisticated identity-based threats where traditional security tools fall short.

While most threat hunters focus on endpoints, networks, or malware, your mission will be to track adversaries through identity systems, from Active Directory and cloud IdPs to authentication and authorization flows across hybrid environments. You'll lead investigations into real-world intrusions, build detection strategies, simulate advanced identity attacks, and work directly with global enterprises to secure their most critical access pathways.

This role combines deep, hands-on technical investigation with high-impact strategic work. You'll leverage behavioral analytics, authentication telemetry, and large-scale identity data to detect stealthy campaigns. You'll also help shape detection logic, improve investigative capabilities, and contribute thought leadership through attack simulations, research, and direct customer engagement.

Responsibilities

Identity Threat Hunting
- Proactively hunt for advanced identity threats by analyzing authentication patterns, access anomalies, and behavioral signals across on-prem and cloud environments
- Build detection hypotheses and validate them using SQL, Python, and large-scale behavioral data (Snowflake, Pandas, etc.)
- Uncover stealthy campaigns involving credential misuse, session hijacking, abuse of trust relationships, and identity-based lateral movement

Incident Response Leadership
- Lead high-impact investigations involving Active Directory, Azure AD, cloud IdPs, and SaaS identity systems
- Deliver comprehensive IR support, from triage and containment to root cause analysis and remediation planning
- Collaborate closely with customer teams to respond to identity intrusions across complex enterprise environments

Detection Engineering & R&D
- Simulate identity-based attacks (e.g., token theft, OAuth abuse, SAML manipulation) to stress-test security controls and generate detections
- Contribute detection logic, investigation playbooks, and forensic methodologies aligned to the MITRE ATT&CK framework
- Work with engineering teams to enhance telemetry, automate investigations, and improve product capabilities

Business Development
- Partner with sales and customer success teams to deliver live threat assessments, demonstrate platform value, and support technical conversations during pre-sales
- Assist in shaping the go-to-market strategy for identity security services and incident response offerings
- Represent the company in strategic customer engagements, offering expert insights on identity security risks and mitigation

Requirements
- 4+ years of hands-on Incident Response experience, with expertise in containment, forensics, and remediation
- Deep understanding of identity systems and protocols (AD, Azure AD, Okta, SAML, OAuth, Kerberos, etc.)
- Experience with identity-focused threats and the TTPs adversaries use to exploit authentication and authorization processes
- Strong skills in data-driven investigation using tools like SQL, Python (Pandas), and modern data platforms (e.g., Snowflake)

Strongly Preferred
- Experience in leading threat hunting or IR teams and developing new detection methodologies
- Familiarity with industry tools: SIEM, EDR, identity posture management, and SOAR platforms
- Publicly shared research, blogs, or talks on identity-based threats
- Ability to work cross-functionally with product, engineering, and business teams