Senior Principal Threat Researcher

What you will bring? (Mandatory Requirements)

Extensive Industry Experience: 12+ years of progressive experience in cybersecurity, with a minimum of 5+ years dedicated specifically to Threat Research, Threat Intelligence, or advanced Detection Engineering at a senior/lead level.

Technical & Analytical Skills

Threat Intelligence Pivoting: Tracing connections between seemingly unrelated data points (e.g., IPs, domain names, hashes) to attribute attacks to specific threat actors or Advanced Persistent Threats (APTs).

Security Frameworks: Applying industry models to classify and map adversary behavior, such as the MITRE ATT&CK framework, ATLAS, and MAESTRO.

Attack Vectors: Knowledge of Identity based attacks such as Pass-the-Hash/Ticket, Golden/Silver Tickets, MFA Fatigue (Prompt Bombing), Token Theft, Kerberosting and Credential Stuffing.

Adversary Tradecraft: Familiarity with tools threat actors use to map and exploit identity environments, such as Mimikatz, BloodHound, Rubeus

Vulnerability & Exploit Research: Assessing zero-day flaws, evaluating proof-of-concept (PoC) exploits, and testing patching strategies.

Programming & Scripting: Familiarity with scripting and programming languages (e.g., Python, Go, Bash) to help rapidly engineer complex detection algorithms and prototype innovative feature proof-of-concepts (POCs).

Data Mining & OSINT: Gathering threat intelligence from various sources like Open Source Intelligence (OSINT), dark web forums, threat feeds, and internal telemetry.

Rule/Signature Development: Creating custom detection logic for monitoring platforms (e.g., building YARA or Snort rules), experience writing detection logic using SIEM query languages (Splunk SPL, KQL) or universal formats like Sigma.

AI/ML in Threat Research: Working knowledge of leveraging Artificial Intelligence and Machine Learning technologies to aid in threat research, scale threat hunting capabilities, or improve the fidelity of detection mechanisms, Agentic AI usage and understanding of the upcoming Agentic AI threats.

A Portfolio of Excellence: A demonstrated track record of thought leadership, including published white papers, popular cybersecurity blogs, conference speaking engagements, patents, or acknowledged CVEs.

Cross-Functional Leadership Skills: Exceptional communication skills with the proven ability to distill complex, highly technical research into clear, actionable requirements for Product Management and Engineering teams.

Algorithmic Prototyping: Good-to-have skills in developing and prototyping complex detection algorithms, familiarity with advanced query languages used in data analysis.

Identity Security Expertise: Understanding of Identity and Access Management (IAM), Privileged Access Management (PAM), and cloud identity architectures (AWS IAM, Azure AD/Entra ID, GCP Cloud Identity, Active Directory). Understanding how identity works in AWS (IAM Roles, Policies), GCP (Cloud Identity), and Azure

Logistical Flexibility

Willing to work in a Hybrid model from our Bengaluru office.

Willingness to undertake some travel globally based on business requirements, industry conferences, and strategic team syncs.

Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work that directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!