Required Senior Security Researcher – Identity – Security Automation (Cortex)
Your Career
Are you passionate about advancing automation in identity security? Do you thrive at the intersection of research, innovation, and large-scale impact? As a Senior Security Researcher, you will drive the design of autonomous response strategies to counter identity-based threats, misconfigurations, and abuse scenarios. Your research will directly shape the Cortex platforms ability to remediate identity-driven attacks, ensuring effective, safe, and scalable automation for our customers. You will collaborate with world-class researchers and engineers to deliver on the vision of the Autonomous SOC.
Your Impact
Lead the design and implementation of robust, testable, and safe remediation playbooks for identity-related threats (e.g., privilege escalation, credential abuse, lateral movement, IAM misconfigurations).
Conduct deep research on adversary TTPs targeting identity systems and translate insights into automated detection and response mechanisms.
Drive innovation in identity security automation by applying data analysis, modeling, and programming to refine remediation strategies.
Serve as a subject-matter expert and mentor within the research group, elevating the teams overall expertise in identity security.
Stay ahead of evolving identity-based attack vectors, cloud-native identity risks, and advanced adversary tradecraft to ensure our automation keeps pace with threats.
Your Career
Are you passionate about advancing automation in identity security? Do you thrive at the intersection of research, innovation, and large-scale impact? As a Senior Security Researcher, you will drive the design of autonomous response strategies to counter identity-based threats, misconfigurations, and abuse scenarios. Your research will directly shape the Cortex platforms ability to remediate identity-driven attacks, ensuring effective, safe, and scalable automation for our customers. You will collaborate with world-class researchers and engineers to deliver on the vision of the Autonomous SOC.
Your Impact
Lead the design and implementation of robust, testable, and safe remediation playbooks for identity-related threats (e.g., privilege escalation, credential abuse, lateral movement, IAM misconfigurations).
Conduct deep research on adversary TTPs targeting identity systems and translate insights into automated detection and response mechanisms.
Drive innovation in identity security automation by applying data analysis, modeling, and programming to refine remediation strategies.
Serve as a subject-matter expert and mentor within the research group, elevating the teams overall expertise in identity security.
Stay ahead of evolving identity-based attack vectors, cloud-native identity risks, and advanced adversary tradecraft to ensure our automation keeps pace with threats.
Requirements:
Extensive background in identity security, including areas such as Active Directory, Azure AD, SSO, federation protocols, and identity lifecycle management.
Proven expertise in at least one of the following: incident response, red teaming, advanced detection research, or identity threat hunting.
Hands-on experience with cloud identity platforms and services (e.g., AWS IAM, Azure AD, GCP IAM) and their security controls.
Proficiency in Python, with practical experience building security automations, detection rules, or SOAR playbooks.
Experience using SQL or other query languages for large-scale data analysis to support research and validation of remediation approaches.
Strong analytical mindset, independent thinking, and proven ability to lead cross-functional collaboration.
Advantages
Experience with big data platforms (e.g., GCP BigQuery, AWS Athena, Snowflake) to analyze large-scale identity telemetry.
Familiarity with Cortex XSIAM, XDR, SOAR, or similar platforms that integrate detection and response.
Deep knowledge of identity-focused adversary techniques, including pass-the-hash, Golden/Silver tickets, SAML manipulation, and cloud identity abuse.
Experience with machine learning or AI-driven approaches to identity analytics and anomaly detection.
Demonstrated leadership in publishing, mentoring, or community contributions in the identity security research domain.
Extensive background in identity security, including areas such as Active Directory, Azure AD, SSO, federation protocols, and identity lifecycle management.
Proven expertise in at least one of the following: incident response, red teaming, advanced detection research, or identity threat hunting.
Hands-on experience with cloud identity platforms and services (e.g., AWS IAM, Azure AD, GCP IAM) and their security controls.
Proficiency in Python, with practical experience building security automations, detection rules, or SOAR playbooks.
Experience using SQL or other query languages for large-scale data analysis to support research and validation of remediation approaches.
Strong analytical mindset, independent thinking, and proven ability to lead cross-functional collaboration.
Advantages
Experience with big data platforms (e.g., GCP BigQuery, AWS Athena, Snowflake) to analyze large-scale identity telemetry.
Familiarity with Cortex XSIAM, XDR, SOAR, or similar platforms that integrate detection and response.
Deep knowledge of identity-focused adversary techniques, including pass-the-hash, Golden/Silver tickets, SAML manipulation, and cloud identity abuse.
Experience with machine learning or AI-driven approaches to identity analytics and anomaly detection.
Demonstrated leadership in publishing, mentoring, or community contributions in the identity security research domain.
This position is open to all candidates.
