Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world’s leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com
We are looking for a Principal Security Engineer to lead application and infrastructure security efforts across our engineering organization. You will be hands-on identifying vulnerabilities, writing fixes, and working directly with tiger teams to resolve critical and zero-day issues under pressure. This is not a governance-only role; you will code, review, and ship.
Lead SAST, SCA, and secret detection initiatives across Java, Spring Boot, Grails, JVM-based, and Python application and IaC stacks
Triage, prioritize, and remediate vulnerabilities — including writing code fixes
Define and enforce container security standards for Docker images, base image hardening, and runtime policies
Secure Kubernetes clusters on AWS EKS and/or Azure AKS — RBAC, network policies, pod security standards, admission controllers
Experience with infrastructure-as-code security scanning — Terraform, CloudFormation, and Helm chart security review and hardening
Conduct threat modeling on new features and requirements provided by product teams - identify attack surfaces, data flow risks, and trust boundaries before code is written (STRIDE, DREAD, or equivalent frameworks)
Conduct targeted penetration testing and vulnerability assessments on applications and infrastructure
Assess application security needs and recommend WAF, DDoS protection, and rate limiting strategies (e.g., Cloudflare, AWS WAF/Shield, Azure Front Door)
Collaborate with tiger teams during incident response to analyze, contain, and remediate critical and zero-day vulnerabilities
Evangelize OWASP Top 10 awareness and secure coding practices across engineering teams through structured training programs, lunch-and-learns, and hands-on workshops
Administer a security training platform — curate learning paths, track completion metrics, and ensure all engineers complete baseline secure coding training
Evaluate, integrate and mature security tooling into CI/CD pipelines
Experience building internal security tooling or custom SAST/SCA rules
10+ years in software engineering or security engineering, with 5+ years focused on application and infrastructure security
AI first approach to assess, design, triage and fix issues. Produce shareable AI artifacts for others to scale fixing issues
Deep expertise in static analysis (SAST), software composition analysis (SCA), and secret scanning across JVM ecosystems (Java, Spring Boot, Grails) and Python
Strong hands-on coding ability — you can read, write, and fix code in Java, Python, and Groovy
Production experience securing Kubernetes workloads on AWS EKS or Azure AKS
Solid understanding of container security — image scanning, runtime protection, least-privilege configurations
Strong knowledge of end-to-end encryption — TLS/mTLS implementation, certificate management, PKI, key rotation, and secrets management (HashiCorp Vault, AWS KMS,Azure Key Vault)
Proven experience conducting threat modeling on product requirements — ability to partner with product teams early in the SDLC to identify and mitigate risks before implementation
Working knowledge of network security: ingress/egress controls, TLS termination, mTLS, VPC/VNET segmentation
Practical experience with penetration testing tools and methodologies (Burp Suite, OWASP ZAP, etc.)
Strong command of OWASP Top 10 vulnerabilities and their mitigations
Demonstrated experience evangelizing security culture — delivering training, mentoring developers, and driving adoption of secure coding practices using security training platforms
Experience responding to critical security incidents and zero-day disclosures in fast-paced environments
Database security experience — access controls, query injection prevention, audit logging, encryption at the storage layer (PostgreSQL, MySQL, Oracle, Elasticsearch)
Familiarity with service mesh security (Istio, Linkerd)
Design and review network security controls including ingress/egress traffic policies, service mesh configurations, and firewall rules
Implement and enforce end-to-end encryption using TLS and mTLS across services — certificate lifecycle management, trust chain validation, and zero-trust network architecture
If required for this role, you will:- Complete security & privacy literacy and awareness training during onboarding and annually thereafter- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):
> Data Classification, Retention & Handling Policy > Incident Response Policy/Procedures > Business Continuity/Disaster Recovery Policy/Procedures > Mobile Device Policy > Account Management Policy > Access Control Policy > Personnel Security Policy > Privacy Policy
Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
At Saviynt, we are pioneers in intelligent identity security solutions, dedicated to empowering enterprises to safeguard their digital environments. We aim to transform IGA by delivering innovative, cloud-first solutions that ensure security, compliance, & risk management across diverse IT landscapes, including multi-cloud, hybrid, & on-premises environments.
Our Values
Innovation: We continuously enhance our solutions to meet the evolving needs of the modern enterprise.
Customer Focus: Our customers are at the heart of everything we do. We strive to provide exceptional service & solutions that deliver real value.
Accountability: We take responsibility for our actions & deliver on our promises, ensuring excellence in every aspect of our work.
Collaboration: We believe in the power of working together & fostering an inclusive environment where ideas & innovation can flourish.
Integrity: We operate with the highest standards of ethics & transparency, building trust with our customers, partners, & team members.
Our Mission
Saviynt’s mission is to provide intelligent, cloud-first identity governance & access management solutions that enable organizations to achieve Zero-Trust security. We aim to simplify the complexity of identity security by providing deep visibility & seamless integration across all IT environments.
Our Goals
Enhance Security: We help organizations protect their most critical assets from cyber threats by leveraging advanced identity governance & access management solutions.
Ensure Compliance: Our solutions meet stringent regulatory requirements, helping organizations maintain compliance effortlessly.
Drive Efficiency: We enable organizations to streamline their identity management processes through automation & intelligent analytics, reducing costs & improving productivity.
Foster Innovation: We are committed to staying at the forefront of technology, continually evolving our solutions to meet the demands of the digital age.
