Lead Security Engineer, Enterprise Security
Overview
At Klaviyo, we value diverse backgrounds, experiences, and perspectives. This role is hybrid, with an expectation of coming into the office three times per week.
Responsibilities
Partner across several teams to drive the security architecture and lifecycle of Klaviyo’s critical SaaS applications, from procurement to offboarding
Ensure the design and operations of identity and access management (IAM) across corporate SaaS platforms, including Just-in-Time Access (JITA), privilege management, and SSO/SCIM integrations; ensuring identity implementation meets or exceeds security standards
Mature and expand Klaviyo’s Zero Trust network architecture — establishing web gateways, defining secure access policies, and building the foundation for a modern corporate network security posture
Champion an AI-first approach to security engineering: designing, prototyping, and iterating with AI tools, and owning the responsible review and deployment of AI-generated artifacts
Manage and mature Cloudflare WAF policies and other perimeter security controls, ensuring coverage, tuning, and continuous improvement
Expand and mature Klaviyo’s endpoint security strategy and tooling, partnering with IT, Detection, Response, and the broader security teams to achieve full endpoint visibility, proactive threat coverage, and rapid response capability across the fleet
Deliver complex, multi-team projects by decomposing technical problems into actionable workstreams, setting the pace through all phases from requirements through production
Requirements
Have 7+ years of experience in security or infrastructure engineering roles, with demonstrated ownership of enterprise security domains such as SaaS security, IAM, Zero Trust, endpoint security, or cloud-delivered security services
Approach every project AI-first: you design with AI, refine with AI, and take full responsibility for validating and owning what you deploy — you are not a passive consumer of AI output
Hands-on by default — you are equally comfortable writing policy-as-code, reviewing architecture, and debugging a production issue
Proficient with Terraform for building and maintaining infrastructure-as-code across enterprise security systems
Experienced operating in AWS environments, with strong familiarity with cloud security services, IAM policies, and secure architecture patterns
Experience with enterprise IdP solutions such as Okta, AWS Cognito
Experienced with enterprise security tooling such as Cloudflare (WAF, gateway), Wiz (CNAPP/cloud security), and CrowdStrike (EDR/endpoint)
Knowledgeable in secrets management, JITA, and modern identity patterns including SSO, SCIM, and privileged access workflows including SAML 2.0, SCIM, OAuth and OIDC — note this is not a dedicated IAM role; fluency in these areas supports broader enterprise security ownership, not identity program management
Experienced mentoring engineers and working through influence: you raise the bar for the people around you and hold team-wide technical standards
Qualifications
Nice to have: experience with GCP or Azure environments, Spacelift for IaC orchestration, AI agent development, or securing AI coding platforms (e.g., Lovable, Vercel, Cursor)
Benefits
Our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility.
Pay
The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location.
Schedule
This role is hybrid, with an expectation of coming into the office three (3) times per week.