Lead Security Risk Engineer
At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny.
Klaviyo is building a world where creators are empowered to own their destiny. In support of this, our Risk & Trust team empowers our fellow Klaviyos to securely deliver value to and bolster trust with our customers. Our Risk function enables Klaviyo to take smart, disciplined risks that maximize customer value and minimize losses, while bolstering accountability around timely and effective risk mitigation.
To that end, we’re looking for a highly motivated and collaborative Lead Security Risk Engineer (individual contributor) who will help us rapidly mature our Risk function by using engineering principles and data-driven strategies to more precisely identify, understand, and communicate risk.
You’ll partner closely with Engineering, IT, Business Intelligence, InfoSec, and basically every other team at Klaviyo to create a holistic view of risk based on high quality data about our assets, weaknesses, threats, and safeguards (controls). You will help evolve our risk management practices to be transparent, highly efficient, easy for stakeholders to engage with, and centered around objective evidence and data. By doing this, Klaviyo will be in an even better position to securely deliver value to our customers.
What you’ll be doing:
- Build data pipelines and metrics (KPIs, KRIs, KCIs) that provide real-time insight into our risk posture
- Develop, streamline, automate, and integrate security review processes (threat modeling, secure design reviews, etc.) and risk management processes (identification → assessment → analysis → reporting)
- Empower technical teams to efficiently self-serve security review processes, such as threat modeling
- Identify and assess risk scenarios using qualitative and quantitative methods
- Co-create risk mitigation and remediation plans with InfoSec and partner team subject matter experts
- Mentor your teammates to help them reach their full potential and achieve their development goals
We’d love to hear from you if you have most of the following:
- Experience with SQL, integrating with REST APIs, and writing code in Python or Node.js
- Experience designing, building, or implementing technical security controls in AWS
- Experience with cyber risk quantification (CRQ) tools and frameworks, such as riskquant and FAIR
- Experience building metrics using business intelligence, data analytics, or dashboarding tools (Domo, Tableau, Grafana, QuickSight, etc.)
Everyone on our team needs to have the following:
- Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike
- Excellent ability to plan, prioritize, and execute work cross functionally and on time
- Strong alignment with Klaviyo’s core values
Bonus points if you have any of the following:
- Experience with threat modeling or secure design reviews
- Experience with data science methods and tools (Jupyter Notebooks, Pandas, Monte Carlo simulations, etc.)
- Experience or knowledge of securing web applications, Kubernetes clusters, and/or containers
- Experience in threat detection & response or vulnerability management
- Experience building and deploying cloud native workloads using Terraform and AWS
Get to Know Klaviyo
We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.
Upon request, you can receive additional information about the compensation and benefits for this role. Requests can be submitted here. Additional information regarding benefits can be found at klaviyorewards.com.
Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.
You can find our Job Applicant Privacy Notice here.