Lead Security Engineer, Enterprise Security IT & Security Location: Denver, CO Hybrid Lead Security Engineer, Enterprise Security At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny. As a Lead Security Engineer on the Enterprise Security team, you’ll play a central role in securing the corporate systems and platforms that Klaviyo runs on — spanning critical SaaS applications, identity and access, endpoints, Zero Trust network architecture, and perimeter security. You’ll partner across Engineering, IT, and the broader Security organization to mature existing programs, introduce new capabilities, and ensure our corporate security posture keeps pace with a fast-moving, AI-first company. This is a hands-on technical leadership role. You’ll be expected to deliver complex, cross-functional projects end to end, establish the design patterns and standards your team works from, and mentor the engineers around you. You bring deep expertise in at least one enterprise security domain and the range to work credibly across several others. At Klaviyo, AI fluency isn’t optional — it’s foundational. You’ll lead with AI at every stage of your work, from designing solutions to iterating on implementations, and you’ll take full ownership of the quality and security of what you ship. How You Will Make a Difference - Partner across several teams to drive the security architecture and lifecycle of Klaviyo’s critical SaaS applications, from procurement to offboarding - Ensure the design and operations of identity and access management (IAM) across corporate SaaS platforms, including Just-in-Time Access (JITA), privilege management, and SSO/SCIM integrations; ensuring identity implementation meets or exceeds security standards - Mature and expand Klaviyo’s Zero Trust network architecture — establishing web gateways, defining secure access policies, and building the foundation for a modern corporate network security posture - Champion an AI-first approach to security engineering: designing, prototyping, and iterating with AI tools, and owning the responsible review and deployment of AI-generated artifacts - Manage and mature Cloudflare WAF policies and other perimeter security controls, ensuring coverage, tuning, and continuous improvement - Expand and mature Klaviyo’s endpoint security strategy and tooling, partnering with IT, Detection, Response, and the broader security teams to achieve full endpoint visibility, proactive threat coverage, and rapid response capability across the fleet - Deliver complex, multi-team projects by decomposing technical problems into actionable workstreams, setting the pace through all phases from requirements through production Who You Are - Have 7+ years of experience in security or infrastructure engineering roles, with demonstrated ownership of enterprise security domains such as SaaS security, IAM, Zero Trust, endpoint security, or cloud-delivered security services - Approach every project AI-first: you design with AI, refine with AI, and take full responsibility for validating and owning what you deploy — you are not a passive consumer of AI output - Hands-on by default — you are equally comfortable writing policy-as-code, reviewing architecture, and debugging a production issue - Proficient with Terraform for building and maintaining infrastructure-as-code across enterprise security systems - Experienced operating in AWS environments, with strong familiarity with cloud security services, IAM policies, and secure architecture patterns - Experience with enterprise IdP solutions such as Okta, AWS Cognito - Experienced with enterprise security tooling such as Cloudflare (WAF, gateway), Wiz (CNAPP/cloud security), and CrowdStrike (EDR/endpoint) - Knowledgeable in secrets management, JITA, and modern identity patterns including SSO, SCIM, and privileged access workflows including SAML 2.0, SCIM, OAuth and OIDC — note this is not a dedicated IAM role; fluency in these areas supports broader enterprise security ownership, not identity program management - Experienced mentoring engineers and working through influence: you raise the bar for the people around you and hold team-wide technical standards - Nice to have: experience with GCP or Azure environments, Spacelift for IaC orchestration, AI agent development, or securing AI coding platforms (e.g., Lovable, Vercel, Cursor) Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location. In addition to base salary, our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility.  Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process. Base Pay Range For US Locations: $175,200—$262,800 USD This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance. Get to Know Klaviyo We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us. AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop). We provide accommodations as needed.  By participating in Klaviyo’s interview process, you acknowledge that you have read, understood, and will adhere to our Guidelines for using AI in the Klaviyo interview Process. For more information about how we process your personal data, see our Job Applicant Privacy Notice. Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law. IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls. By clicking "Submit Application" you consent to Klaviyo processing your Personal Data in accordance with our Job Applicant Privacy Notice.  If you do not wish for Klaviyo to process your Personal Data, please do not submit an application.  You can find our Job Applicant Privacy Notice here and here (FR).

Lead Security Engineer, Enterprise Security IT & Security Location: Boston, MA Hybrid Job Description At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny. As a Lead Security Engineer on the Enterprise Security team, you’ll play a central role in securing the corporate systems and platforms that Klaviyo runs on — spanning critical SaaS applications, identity and access, endpoints, Zero Trust network architecture, and perimeter security. You’ll partner across Engineering, IT, and the broader Security organization to mature existing programs, introduce new capabilities, and ensure our corporate security posture keeps pace with a fast-moving, AI-first company. This is a hands-on technical leadership role. You’ll be expected to deliver complex, cross-functional projects end to end, establish the design patterns and standards your team works from, and mentor the engineers around you. You bring deep expertise in at least one enterprise security domain and the range to work credibly across several others. At Klaviyo, AI fluency isn’t optional — it’s foundational. You’ll lead with AI at every stage of your work, from designing solutions to iterating on implementations, and you’ll take full ownership of the quality and security of what you ship. How You Will Make a Difference - Partner across several teams to drive the security architecture and lifecycle of Klaviyo’s critical SaaS applications, from procurement to offboarding - Ensure the design and operations of identity and access management (IAM) across corporate SaaS platforms, including Just-in-Time Access (JITA), privilege management, and SSO/SCIM integrations; ensuring identity implementation meets or exceeds security standards - Mature and expand Klaviyo’s Zero Trust network architecture — establishing web gateways, defining secure access policies, and building the foundation for a modern corporate network security posture - Champion an AI-first approach to security engineering: designing, prototyping, and iterating with AI tools, and owning the responsible review and deployment of AI-generated artifacts - Manage and mature Cloudflare WAF policies and other perimeter security controls, ensuring coverage, tuning, and continuous improvement - Expand and mature Klaviyo’s endpoint security strategy and tooling, partnering with IT, Detection, Response, and the broader security teams to achieve full endpoint visibility, proactive threat coverage, and rapid response capability across the fleet - Deliver complex, multi-team projects by decomposing technical problems into actionable workstreams, setting the pace through all phases from requirements through production Who You Are - Have 7+ years of experience in security or infrastructure engineering roles, with demonstrated ownership of enterprise security domains such as SaaS security, IAM, Zero Trust, endpoint security, or cloud-delivered security services - Approach every project AI-first: you design with AI, refine with AI, and take full responsibility for validating and owning what you deploy — you are not a passive consumer of AI output - Hands-on by default — you are equally comfortable writing policy-as-code, reviewing architecture, and debugging a production issue - Proficient with Terraform for building and maintaining infrastructure-as-code across enterprise security systems - Experienced operating in AWS environments, with strong familiarity with cloud security services, IAM policies, and secure architecture patterns - Experience with enterprise IdP solutions such as Okta, AWS Cognito - Experienced with enterprise security tooling such as Cloudflare (WAF, gateway), Wiz (CNAPP/cloud security), and CrowdStrike (EDR/endpoint) - Knowledgeable in secrets management, JITA, and modern identity patterns including SSO, SCIM, and privileged access workflows including SAML 2.0, SCIM, OAuth and OIDC — note this is not a dedicated IAM role; fluency in these areas supports broader enterprise security ownership, not identity program management - Experienced mentoring engineers and working through influence: you raise the bar for the people around you and hold team-wide technical standards - Nice to have: experience with GCP or Azure environments, Spacelift for IaC orchestration, AI agent development, or securing AI coding platforms (e.g., Lovable, Vercel, Cursor) Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location. In addition to base salary, our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility.  Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process. Base Pay Range For US Locations: $175,200—$262,800 USD This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance. Get to Know Klaviyo We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us. AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop). We provide accommodations as needed.  By participating in Klaviyo’s interview process, you acknowledge that you have read, understood, and will adhere to our Guidelines for using AI in the Klaviyo interview Process. For more information about how we process your personal data, see our Job Applicant Privacy Notice. Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law. IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls. By clicking "Submit Application" you consent to Klaviyo processing your Personal Data in accordance with our Job Applicant Privacy Notice.  If you do not wish for Klaviyo to process your Personal Data, please do not submit an application.  You can find our Job Applicant Privacy Notice here and here (FR).

Role Description GXA is seeking a highly capable Security Engineer to support the delivery and operation of our gShield security services. This role is hands-on and technical, focused on incident response, security tool operations, remediation execution, client security support, and internal security improvement initiatives. The Security Engineer serves as a Tier 3 escalation point for active security incidents and plays a key role in operating and improving the gShield security stack across client environments. This individual will work closely with the InfoSec Manager (vISM), vCISO, SOC, Centralized Services, onboarding teams, and internal technical leadership to strengthen client security posture and support rapid, effective response to threats. This is an execution-focused role for someone who is comfortable working in live security events, analyzing alerts and evidence, supporting remediation efforts, and helping maintain the operational excellence of GXA’s security program. Key Responsibilities - Incident Response - Serve as a Tier 3 escalation point for active security incidents, including business email compromise (BEC), adversary-in-the-middle (AiTM), ransomware, and account compromise. - Lead technical analysis during incident response and war room events, including log review, IOC hunting, and lateral movement tracing. - Execute containment and eradication actions such as endpoint isolation, session revocation, and credential resets. - Coordinate with SOC teams and vendor threat intelligence teams during active investigations and containment efforts. - Produce accurate incident timelines, technical findings, and evidence packages for vCISO review and client-facing follow-up. - Tool Operations & Security Stack Support - Operate daily within the gShield toolstack, including platforms such as Huntress, Microsoft Defender for Endpoint (MDE), Cyrisma, DNSFilter, SIEM, and related security technologies. - Perform alert triage, risk identification, scan issue resolution, and follow-through on issues surfaced by security tools. - Support SIEM operations including query development, alert review, and rule tuning. - Assist in tuning detection logic, scan settings, and platform effectiveness in coordination with Centralized Services and security leadership. - Monitor for security gaps, suspicious activity, and control weaknesses across managed environments. - Work within established security standards, baselines, and operational policies defined by the security team and vITMs. - Client Delivery Support - Execute technical remediation items identified through MRMMs, preventative actions, vulnerability reviews, and security recommendations. - Support gShield deliverables through technical validation, evidence gathering, scan review, and vulnerability analysis. - Act as a quality assurance resource for client onboarding into the gShield toolstack, while execution remains with onboarding and Centralized Services teams. - Assist with client hardening efforts and follow-through on security improvement actions across managed environments. - Internal Security Posture - Support remediation of internal GXA security backlog items, including POA&M-related work. - Assist with rollout and support of phishing-resistant MFA, passkeys, and other internal security initiatives. - Contribute to security engineering efforts related to Intune, Defender, ThreatLocker, AppLocker, and RMM scripting. - Help improve internal security controls, tool effectiveness, and technical enforcement mechanisms. - Documentation & Process Improvement - Write and maintain security engineering SOPs, runbooks, detection playbooks, and response procedures related to gShield operations and incident response. - Document technical findings, repeatable procedures, and lessons learned from incidents and tool operations. - Collaborate with security leadership and technical stakeholders on process improvements, skill development, and automation opportunities. - Contribute technical depth to broader security documentation where needed, while recognizing that ownership of policy, standards, and governance documentation remains with security leadership and related functions. Qualifications - 5–7+ years of experience in cybersecurity, security operations, security engineering, or incident response roles. - Strong hands-on experience with incident response, threat detection, and security operations workflows. - Experience working with security platforms such as Microsoft Defender, Huntress, DNSFilter, SIEM solutions, vulnerability management tools, and endpoint security technologies. - Ability to investigate security alerts, analyze logs, trace attacker activity, and support containment and remediation. - Familiarity with common attack types including phishing, BEC, account compromise, ransomware, and identity-based attacks. - Experience supporting security controls in Microsoft 365 and endpoint environments. - Strong documentation skills and ability to write clear technical procedures and findings. - Ability to work calmly and methodically during active incidents and escalations. - Strong collaboration and communication skills with both internal teams and leadership stakeholders. Preferred Qualifications - Experience in an MSP, MSSP, or multi-client environment. - Familiarity with Intune, Microsoft Defender, AppLocker, ThreatLocker, and RMM-based scripting or automation. - Understanding of CIS benchmarks, security hardening standards, and configuration drift monitoring. - Experience supporting vulnerability remediation and technical aspects of vCISO or managed security programs. - Security certifications such as Security+, CySA+, SC-200, SC-300, AZ-500, GCIH, GCIA, or similar are a plus. Success in This Role Looks Like - Security incidents are handled quickly, accurately, and with strong technical discipline. - Alerts and risks surfaced by the toolstack are investigated and acted on consistently. - Client security remediation items are executed thoroughly and on time. - gShield tooling is tuned, effective, and operationally reliable. - Documentation, SOPs, and response playbooks are clear, useful, and continuously improving. - Internal and client security posture improves through strong technical follow-through.

Role Description Reporting to the CISO, the Senior AI Security Engineer will serve as a key contributor to Quickbase's AI security program. This role is responsible for securing enterprise AI technologies, enabling the safe use of AI-powered development tools, supporting AI governance initiatives, conducting AI risk assessments, and helping implement security controls that enable responsible AI adoption across the organization. The ideal candidate combines strong cybersecurity fundamentals with practical experience working with generative AI technologies, developer AI tools, cloud-native architectures, and modern software development practices. Qualifications - 4–7 years of experience in Security Engineering, Application Security, Product Security, Cloud Security, DevSecOps, Information Security, or related cybersecurity disciplines. - Experience conducting security assessments, architecture reviews, technology evaluations, or risk assessments. - Working knowledge of generative AI technologies, large language models (LLMs), AI agents, copilots, and AI-powered development tools. - Understanding of AI security risks including data leakage, prompt injection, excessive permissions, insecure outputs, model misuse, agent abuse, and emerging AI threats. - Experience with cloud platforms such as AWS, Azure, and/or GCP. - Familiarity with modern software development practices, APIs, CI/CD pipelines, and application security principles. - Strong analytical, problem-solving, communication, and stakeholder management skills. - Ability to translate security requirements into practical and scalable solutions. Requirements - Experience supporting enterprise AI adoption, AI governance, AI risk management, or AI security initiatives. - Experience with enterprise AI platforms such as ChatGPT Enterprise, Claude Enterprise, GitHub Copilot, Microsoft Copilot, Gemini, or similar technologies. - Familiarity with AI governance frameworks and industry guidance such as NIST AI RMF, ISO 42001, OWASP Top 10 for LLM Applications, MITRE ATLAS, or responsible AI principles. - Experience evaluating AI vendors, AI-enabled SaaS platforms, or emerging technology solutions. - Experience working in SaaS, cloud-native, or high-growth technology organizations. Benefits - Compensation range for this role is $136,000 - $210,000 per year. - Bonus/commission eligibility. - Access to a full benefits package including health insurance, 401k, paid time off, etc.