Senior Principal Threat Researcher

Saviynt's AI\-powered identity platform manages and governs human and non\-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world’s leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com.

Saviynt is seeking a visionary and highly technical **Principal Threat Researcher** to pioneer the future of Identity Threat Detection and Response (ITDR). In this senior\-level role, you will be a cornerstone of our broader Threat Research Team, working in lockstep with Product Management and Engineering to architect and deliver Saviynt’s next\-generation ITDR product.

You will lead from the front, anticipating how threat actors exploit infrastructure, and translating those insights into industry\-leading detection capabilities and thought leadership.

### **What will you be doing?**

• **Spearhead Identity Threat Research:** Lead advanced research initiatives focused on uncovering and understanding novel identity\-centric vulnerabilities (Human Identity(HI), Non Human Identity(NHI), Agentic Identity) based attack vectors, and exploit chains across hybrid and multi\-cloud environments.
• **Data\-Driven Behavioral Modeling:** Leverage vast telemetry from multi\-cloud environments, disparate data sources, and user activity logs to conduct deep behavioral analysis. You will be a domain expert and work with an extended team to develop and refine sophisticated behavioral models to detect anomalies, uncovering stealthy, suspicious identity threat patterns that bypass traditional signature\-based detection.
• **Drive Product Innovation:** Partner closely with Product Managers and Engineering teams to translate complex threat research into actionable product features, robust detection algorithms, and high\-fidelity telemetry for our next\-generation ITDR platform.
• **Execute Advanced Threat Hunting \& Intelligence:** Conduct proactive threat intelligence gathering and sophisticated threat hunting specifically targeting Identity vulnerabilities (e.g., Active Directory, Entra ID, Okta, PAM, and Cloud IAM misconfigurations).
• **Operationalize Security Frameworks:** Extensively utilize and map research to industry\-standard frameworks, including **MITRE ATT\&CK**, **MITRE ATLAS**, and **MAESTRO**, ensuring our detection strategies comprehensively cover modern adversary Tactics, Techniques, and Procedures (TTPs).
• **Pioneer Detection Engineering:** Architect and develop advanced detection strategies, behavioral baselines, and correlation rules to identify anomalous identity behaviors, privilege escalation, and lateral movement.
• **Establish Thought Leadership:** Serve as a highly visible ambassador for Saviynt’s research capabilities. You will regularly author and publish high\-quality blogs, and technical reports on emerging threats.

### **What you will bring? (Mandatory Requirements)**

• **Extensive Industry Experience:** 12\+ years of progressive experience in cybersecurity, with a minimum of 5\+ years dedicated specifically to Threat Research, Threat Intelligence, or advanced Detection Engineering at a senior/lead level.
• **Technical \& Analytical Skills:**

+ **Threat Intelligence Pivoting:** Tracing connections between seemingly unrelated data points (e.g., IPs, domain names, hashes) to attribute attacks to specific threat actors or Advanced Persistent Threats (APTs).

+ **Security Frameworks:** Applying industry models to classify and map adversary behavior, such as the MITRE ATT\&CK framework, ATLAS, and MAESTRO.

+ **Attack Vectors:** Knowledge of Identity based attacks such as Pass\-the\-Hash/Ticket, Golden/Silver Tickets, MFA Fatigue (Prompt Bombing), Token Theft, Kerberosting and Credential Stuffing.

+ **Adversary Tradecraft:** Familiarity with tools threat actors use to map and exploit identity environments, such as Mimikatz, BloodHound, Rubeus

+ **Vulnerability \& Exploit Research:** Assessing zero\-day flaws, evaluating proof\-of\-concept (PoC) exploits, and testing patching strategies.

+ **Programming \& Scripting:** Familiarity with scripting and programming languages (e.g., Python, Go, Bash) to help rapidly engineer complex detection algorithms and prototype innovative feature proof\-of\-concepts (POCs).

+ **Data Mining \& OSINT:** Gathering threat intelligence from various sources like Open Source Intelligence (OSINT), dark web forums, threat feeds, and internal telemetry.

+ **Rule/Signature Development:** Creating custom detection logic for monitoring platforms (e.g., building YARA or Snort rules), experience writing detection logic using SIEM query languages (Splunk SPL, KQL) or universal formats like Sigma.

• **AI/ML in Threat Research:** Working knowledge of leveraging Artificial Intelligence and Machine Learning technologies to aid in threat research, scale threat hunting capabilities, or improve the fidelity of detection mechanisms, Agentic AI usage and understanding of the upcoming Agentic AI threats.
• **A Portfolio of Excellence:** A demonstrated track record of thought leadership, including published white papers, popular cybersecurity blogs, conference speaking engagements, patents, or acknowledged CVEs.
• **Cross\-Functional Leadership Skills:** Exceptional communication skills with the proven ability to distill complex, highly technical research into clear, actionable requirements for Product Management and Engineering teams.
• **Algorithmic Prototyping:** Good\-to\-have skills in developing and prototyping complex detection algorithms, familiarity with advanced query languages used in data analysis.
• **Identity Security Expertise:** Understanding of Identity and Access Management (IAM), Privileged Access Management (PAM), and cloud identity architectures (AWS IAM, Azure AD/Entra ID, GCP Cloud Identity, Active Directory). Understanding how identity works in AWS (IAM Roles, Policies), GCP (Cloud Identity), and Azure
• **Logistical Flexibility:**

+ Willing to work in a **Hybrid** model from our **Bengaluru** office.

+ Willingness to undertake **some travel** globally based on business requirements, industry conferences, and strategic team syncs.

Saviynt is an amazing place to work. We are a high\-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work that directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.