Security Researcher

Silverfort is on a mission to bring identity security everywhere – to every human, machine, and AI agent, both on-prem and in the cloud. Our unique technology secures identities & access at runtime, in ways that weren’t possible before. With the broadest identity security platform in the market, trusted by more than 1,000 customers, including many Fortune 100 companies, Silverfort is uniquely positioned to lead the fast-growing identity security category.

Joining Silverfort means becoming part of a fast-moving team with a culture of innovation and collaboration, that goes above and beyond to help our customers and each other, on a journey to reshape the future of identity security.

We are hiring a Security Researcher to join us. As a Security Researcher, you'll play a crucial role in leading and positioning Silverfort as an identity security leader. By conducting deep original vulnerability research on web applications, SaaS platforms, and identity systems, with focus on Identity for AI, including AI agents, automation, and non-human identities. This role has a direct impact on the product, and the researcher is expected to innovate and conduct thorough vulnerability research by leveraging state-of-the-art tools and methodologies. It is expected to finalize productions and coordinate their execution with multiple departments. 

• Initiate and conduct cloud research initiatives: stay current with the threat landscape to identify trends in cloud infrastructure security, threat actors, novel attack techniques, and vulnerabilities in cloud-based and cloud native environments and workloads
• Research sophisticated threats and vulnerabilities in cloud provider infrastructure and containerized applications and workloads, in the context of identity security
• Develop PoCs, tools, and scripts to automate vulnerability discovery and validation
• Collaborate with Product and Engineering teams to turn research into productized features
• Provide cloud security thought leadership: share insights and best practices with the broader security community through publications, conference presentations, and technical blogs
• Conduct offensive simulations to build realistic attack scenarios and assess and communicate their business impact

• 3+ years of experience in Offensive Security, Vulnerability Research, or Web Application Security
• Strong web hacking background with a deep understanding of web application and API vulnerabilities, including server-side, client-side, authentication, and business logic flaws
• Hands-on experience with industry-standard tools such as Burp Suite, fuzzers, debuggers, and reverse engineering frameworks
• Deep understanding of Internet and application protocols (for example, HTTP, TLS, DNS, WebSocket), including hands-on protocol analysis and deep packet inspection (Wireshark, custom dissectors, traffic interception)
• Proven, publicly verifiable track record of vulnerability discovery, such as CVEs, vendor advisories, bug bounty disclosures, or independent findings. Technical details must exist online and be attributable to the researcher
• Strong English communication and writing skills, with the ability to produce clear technical outputs for internal and external audiences
• Public technical writing, including personal blog, guest posts, conference talks, or coverage of the research by others

Advantages 

• Knowledge of authentication and authorization protocols (OAuth, OIDC, SAML, Kerberos)
• Familiarity with cloud providers (AWS, GCP, Azure)
• Container and Kubernetes security
• Familiarity with AI systems, AI security, and model behavior
• Knowledge of reverse engineering or malware analysis 
• Conference speaking experience