Jobs · Engineering · Massachusetts

Software Engineer II - Identity & Access Management

Klaviyo · Boston, MA · 1 wk ago
EngineeringFull-time

About the role

The Core Infrastructure – Identity & Organizations (Core IO) pillar owns the foundational substrate for identity, access, organizations, and platform integrity at Klaviyo. The Identity & Access Management (IAM) team builds and operates Klaviyo’s centralized authentication and authorization platform for both humans and machines. This role involves shaping Klaviyo’s identity platform, contributing to auth platform extraction, building and maintaining shared SDKs, collaborating with other teams, and improving reliability and performance.

Responsibilities

  • Own features end-to-end across design, implementation, rollout, and observability for core authN/Z capabilities such as login flows, MFA, SSO enhancements, SCIM, sessions, and role/permission enforcement.
  • Contribute to auth platform extraction: Help move authentication and authorization paths out of the legacy monolith into dedicated micro services, including token verification, API key services, and internal service auth behind Kong and IdP platform.
  • Build and maintain shared SDKs and contracts that let internal teams adopt IAM services quickly (OAuth, machine auth, org-scoped authZ), making “secure by default” the simplest option for new surfaces and agents.
  • Collaborate with Organizations & Accounts to support org-scoped identity, multi-account SSO, and flexible org/account models that underpin enterprise experiences and cross-account analytics.
  • Partner with Platform Integrity & Protection (PAA), Security, and Compliance on secure patterns for account protection (MFA, recovery, device/session risk), ensuring IAM is a strong foundation for account security and anti-abuse controls.
  • Improve reliability and performance of IAM services by instrumenting metrics and alerts, debugging production issues, and contributing to on-call rotations and incident reviews.
  • Help define and refine standards for authentication and authorization across the platform APIs, error semantics, audit logging, and integration patterns so product teams don’t reinvent them per-service.

Requirements

  • Experienced systems builder: 2-5+ years of professional software engineering experience, including building and operating backend or full-stack services in production.
  • Strong fundamentals & debugging skills: Comfortable reasoning about data models, API design, concurrency, and failure modes, and able to dig through logs, metrics, and traces to identify root causes and implement systemic fixes.
  • Security & identity motivated: Excited by authentication, authorization, and account security problems and eager to deepen expertise in areas like MFA, SSO, SCIM, OAuth, and roles/permissions.
  • Platform/infra mindset: Likes building reusable services and tools that other engineers rely on, including libraries, SDKs, and patterns that raise the floor for quality and security across the org.
  • Ownership & collaboration: Takes responsibility for outcomes, not just code. Drives small projects or components, coordinates with partner teams, and communicates trade-offs clearly in design docs and PRs.

Qualifications

  • Experienced in at least one of Python, Go, or TypeScript/JavaScript, and comfortable working on backend and/or service-oriented systems.
  • Experience building or operating web services or APIs backed by relational databases and/or caches (e.g., MySQL, Postgres, Redis).
  • Familiarity with authentication or authorization concepts (sessions, tokens, OAuth, SSO, MFA, RBAC) and an interest in going much deeper.
  • Exposure to CI/CD pipelines and modern development workflows (code review, testing, deployments, on-call participation or support).

Skills

  • Experienced in at least one of Python, Go, or TypeScript/JavaScript, and comfortable working on backend and/or service-oriented systems.
  • Experience building or operating web services or APIs backed by relational databases and/or caches (e.g., MySQL, Postgres, Redis).
  • Familiarity with authentication or authorization concepts (sessions, tokens, OAuth, SSO, MFA, RBAC) and an interest in going much deeper.
  • Exposure to CI/CD pipelines and modern development workflows (code review, testing, deployments, on-call participation or support).

Benefits

Includes comprehensive health, welfare, and wellbeing benefits based on eligibility.

Pay

Salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location.

Schedule

This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance.

Get to Know Klaviyo

We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.

AI Fluency at Klaviyo

AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop). We provide accommodations as needed.

Equal Opportunity Employer

Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.

Similar jobs