Security Researcher

Description:

Silverfort is on a mission to bring identity security everywhere – to every human, machine, and AI agent, both on-prem and in the cloud. Our unique technology secures identities & access at runtime, in ways that weren’t possible before. With the broadest identity security platform in the market, trusted by more than 1,000 customers, including many Fortune 100 companies, Silverfort is uniquely positioned to lead the fast-growing identity security category.

Joining Silverfort means becoming part of a fast-moving team with a culture of innovation and collaboration, that goes above and beyond to help our customers and each other, on a journey to reshape the future of identity security.

We are hiring a Security Researcher to join us. As a Security Researcher, you will play a crucial role in leading and positioning Silverfort as an identity security leader. You will conduct deep, innovative security research on cloud infrastructure and SaaS applications, with a focus on identity security in the AI era, such as AI agents, automation, and non human identities. This role has a direct impact on the product, and the researcher is expected to innovate and conduct thorough vulnerability research using state of the art tools and methodologies. You will be expected to finalize research deliverables and coordinate execution with multiple departments.

• Initiate and conduct cloud research initiatives: stay current with the threat landscape to identify trends in cloud infrastructure security, threat actors, novel attack techniques, and vulnerabilities in cloud-based and cloud native environments and workloads
• Research sophisticated threats and vulnerabilities in cloud provider infrastructure and containerized applications and workloads, in the context of identity security
• Develop PoCs, tools, and scripts to automate vulnerability discovery and validation
• Collaborate with Product and Engineering teams to turn research into productized features
• Provide cloud security thought leadership: share insights and best practices with the broader security community through publications, conference presentations, and technical blogs
• Conduct offensive simulations to build realistic attack scenarios and assess and communicate their business impact

• 3+ years of experience in cloud security research or offensive security research
• Proven track record of conducting vulnerability research and responsibly disclosing impactful security vulnerabilities, demonstrated via public advisories (CVE/CSA), write-ups, or equivalent examples
• Strong understanding of at least one major cloud provider (AWS, GCP, Azure)
• Knowledge of at least one SaaS authentication protocol (SAML, OIDC, OAuth)
• Strong programming skills (Python preferred), including the ability to develop research tools
• Ability to simulate complex cloud attack paths and threat scenarios end to end
• Ability to work cross functionally with Product and R&D teams
• Strong English communication and writing skills, with the ability to produce clear technical outputs for internal and external audiences
• Practical experience attacking or defending cloud environments
• Ability to leverage AI assisted research workflows and modern tooling, while maintaining strong validation and verification discipline

Advantages

• Familiarity with AI systems, AI security, and model behavior
• Experience with web hacking and application security, including XSS, SSRF, CSRF, SQL injection, deserialization issues, and authentication and session flaws
• Knowledge of reverse engineering and or malware analysis
• Prior experience publishing research and speaking at conferences