Threat Hunter / Incident Responder (Founding Team)

About The Position

Silverfort is on a mission to bring identity security everywhere – to every human, machine, and AI agent, both on-prem and in the cloud.

Our unique technology secures identities & access at runtime, in ways that weren’t possible before. With the broadest identity security platform in the market, trusted by more than 1,000 customers including many Fortune 100 companies, Silverfort is uniquely positioned to lead the fast-growing identity security category.

Joining Silverfort means becoming part of a fast-moving team with a culture of innovation and collaboration, that goes above and beyond to help our customers and each other, on a journey to reshape the future of identity security.

We’re launching IRIS (Identity Response & Identity Security)—a new security service organization focused on improving how companies detect, investigate, and respond to identity-centric threats.  

We’re seeking a founding individual contributor to help build IRIS alongside the Head of Threat Hunting & Incident Response. This role is ideal for someone who thrives on solving complex problems, creating new capabilities, being service-oriented, and developing a first-of-its-kind identity security service.  

This is a hands-on, technical position combining research, engineering, analysis, and service creation. You’ll help shape IRIS’s methodologies, tooling, procedures, and long-term offerings. 

Responsibilities

• Contribute to building the IRIS program by helping design operational methodologies, runbooks, investigation frameworks, and detection strategies. 
• Conduct proactive identity-centric threat hunting using Silverfort telemetry and behavioral analytics. 
• Lead and support incident response investigations across hybrid identity environments, including Active Directory, cloud identity providers, SaaS systems, and privileged access flows. 
• Develop detection logic and automation, leveraging SQL, Python/Pandas, and Snowflake to enhance investigation efficiency and analytical depth. 
• Design and execute identity-focused attack simulations that evaluate organizational readiness and support continuous improvement. 
• Research emerging identity threats and produce high-quality analysis, documentation, and internal guidance. 
• Collaborate with Silverfort product and engineering teams to translate field findings into product enhancements and new detection capabilities. 
• Contribute to knowledge sharing, including internal presentations, customer-facing materials, and optional participation in external publications or industry events.

Requirements

• 4+ years of experience in Incident Response, including attack analysis, threat containment, and mitigation 
• Proven expertise in Identity Security, focusing on Active Directory security or Cloud Identity (IdPs, SaaS, IAM) authentication and authorization processes 
• Deep knowledge of adversary TTPs, the MITRE ATT&CK framework, and IR methodologies 
• Strong proficiency in data analysis for threat detection and investigation 
• Excellent communication skills, with fluency in English and Hebrew

Nice to have:

• Prior leadership experience, such as mentoring peers, leading small teams, or driving cross-functional initiatives
• Experience working in fast-growing or early-stage security programs, startups, or greenfield environments
• Experience building automations, enrichment pipelines, or internal investigation tools using Python