Senior Principal Threat Researcher

Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world’s leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com.

Saviynt is seeking a visionary and highly technical Principal Threat Researcher to pioneer the future of Identity Threat Detection and Response (ITDR). In this senior-level role, you will be a cornerstone of our broader Threat Research Team, working in lockstep with Product Management and Engineering to architect and deliver Saviynt’s next-generation ITDR product.

You will lead from the front, anticipating how threat actors exploit infrastructure, and translating those insights into industry-leading detection capabilities and thought leadership.

• →

  Threat Intelligence Pivoting: Tracing connections between seemingly unrelated data points (e.g., IPs, domain names, hashes) to attribute attacks to specific threat actors or Advanced Persistent Threats (APTs).

• →

  Security Frameworks: Applying industry models to classify and map adversary behavior, such as the MITRE ATT&CK framework, ATLAS, and MAESTRO.

• →

  Attack Vectors: Knowledge of Identity based attacks such as Pass-the-Hash/Ticket, Golden/Silver Tickets, MFA Fatigue (Prompt Bombing), Token Theft, Kerberosting and Credential Stuffing.

• →

  Adversary Tradecraft: Familiarity with tools threat actors use to map and exploit identity environments, such as Mimikatz, BloodHound, Rubeus

• →

  Vulnerability & Exploit Research: Assessing zero-day flaws, evaluating proof-of-concept (PoC) exploits, and testing patching strategies.

• →

  Programming & Scripting: Familiarity with scripting and programming languages (e.g., Python, Go, Bash) to help rapidly engineer complex detection algorithms and prototype innovative feature proof-of-concepts (POCs).

• →

  Data Mining & OSINT: Gathering threat intelligence from various sources like Open Source Intelligence (OSINT), dark web forums, threat feeds, and internal telemetry.

• →

  Rule/Signature Development: Creating custom detection logic for monitoring platforms (e.g., building YARA or Snort rules), experience writing detection logic using SIEM query languages (Splunk SPL, KQL) or universal formats like Sigma.

• →

  AI/ML in Threat Research: Working knowledge of leveraging Artificial Intelligence and Machine Learning technologies to aid in threat research, scale threat hunting capabilities, or improve the fidelity of detection mechanisms, Agentic AI usage and understanding of the upcoming Agentic AI threats. 

• →

  A Portfolio of Excellence: A demonstrated track record of thought leadership, including published white papers, popular cybersecurity blogs, conference speaking engagements, patents, or acknowledged CVEs.

• →

  Cross-Functional Leadership Skills: Exceptional communication skills with the proven ability to distill complex, highly technical research into clear, actionable requirements for Product Management and Engineering teams.

• →

  Algorithmic Prototyping: Good-to-have skills in developing and prototyping complex detection algorithms, familiarity with advanced query languages used in data analysis.

• →

  Identity Security Expertise: Understanding of Identity and Access Management (IAM), Privileged Access Management (PAM), and cloud identity architectures (AWS IAM, Azure AD/Entra ID, GCP Cloud Identity, Active Directory). Understanding how identity works in AWS (IAM Roles, Policies), GCP (Cloud Identity), and Azure

• →

  Logistical Flexibility:  

  • →

    Willing to work in a Hybrid model from our Bengaluru office.

  • →

    Willingness to undertake some travel globally based on business requirements, industry conferences, and strategic team syncs.

Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work that directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!