Senior SecOps & IR Engineer

Description

Silverfort is on a mission to bring identity security everywhere – to every human, machine, and AI agent, both on-prem and in the cloud. Our unique technology secures identities & access at runtime, in ways that weren’t possible before. With the broadest identity security platform in the market, trusted by more than 1,000 customers, including many Fortune 100 companies, Silverfort is uniquely positioned to lead the fast-growing identity security category.

Joining Silverfort means becoming part of a fast-moving team with a culture of innovation and collaboration, that goes above and beyond to help our customers and each other, on a journey to reshape the future of identity security.

We are looking for a Senior Security Operations & Incident Response Engineer to lead day-to-day security operations and incident response, and to own our detection and response stack end-to-end. You will play a key role in advancing our Security Operations roadmap, including implementing and operationalizing a SIEM solution and strengthening our security posture across modern SaaS and cloud environments with an identity-first, practical approach.

Responsibilities

• Lead day-to-day security operations, including monitoring, triage, investigations, incident response, and DFIR activities
• Lead forensic investigations across logs, endpoint telemetry, identity and cloud activity, and network signals; drive post-incident reviews and lessons learned
• Own SIEM, SOAR, and EDR end-to-end: onboard data sources, tune detections, operationalize response playbooks, and drive tool effectiveness
• Make threat hunting a core practice: execute hunts, validate hypotheses, and translate findings into detections and response playbooks
• Design, build, and maintain SOAR workflows and response actions to automate triage and containment, reduce MTTR, and standardize repeatable response outcomes
• Build and maintain clear operational documentation and incident artifacts (runbooks, incident reports, postmortems) to enable repeatable execution and continuous improvement
• Drive continuous improvement across detection quality, alert fidelity, documentation standards, and operational metrics
• Partner with IT, DevOps, and R&D on investigations and remediation to reduce recurrence, close gaps, and strengthen identity and cloud security controls
  
  

• 4+ years of experience in SecOps, Incident Response, SOC, or DFIR in cloud-native or SaaS environments
• Hands-on experience owning and operating SIEM, SOAR, and EDR end-to-end, including detection tuning, correlation, and the alert lifecycle from event to response
• Proven experience leading incident response investigations, including forensics and structured DFIR methodologies
• Hands-on threat hunting experience, including turning findings into repeatable detections and operational playbooks
• Strong understanding of identity security concepts such as IdP, SSO, MFA, and RBAC
• Working knowledge of cloud security fundamentals and common cloud attack patterns across AWS and Azure environments
• Ability to build security automation using Python/Bash and APIs; comfortable with REST APIs and Regex
• Experience operating the Palo Alto Cortex ecosystem (XDR and/or XSOAR) in production, or equivalent enterprise-grade platforms, with the ability to ramp quickly
• Strong planning and problem-solving skills
• Strong communication skills and ability to work effectively in a fast-paced environment
• Team-first collaborator able to work effectively across IT, DevOps, and R&D
  
  

• Experience with cloud incident response across IaaS/PaaS/SaaS
• Strong understanding of identity threat models and modern identity attack techniques
• Experience designing or operating SIEM content and detection engineering at scale
• Familiarity with offensive security techniques, exploit mechanics, and malware behavior