Principal Engineer, Security

Job Description

Job Description

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you're a close but not exact match with the description, we hope you'll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny.

Klaviyo's platform sends billions of messages and processes petabytes of customer data for hundreds of thousands of businesses. As we scale up-market and embed AI/agentic systems throughout our product and platform, security must be built into the foundation, not bolted on. The Principal Engineer, Security is a hands-on IC who owns Klaviyo's infrastructure security architecture: IAM, secrets management, network defenses, vulnerability management, security tooling, and the compliance controls that underpin our enterprise and regulatory obligations.

This is an individual-contributor role, no direct reports. You lead through technical depth, code, and design quality, partnering closely with the Core Infrastructure PE, SRE, and AppSec teams to make "secure by default" a reality for every engineering team at Klaviyo.

What You'll Do

• Define and own Klaviyo's infrastructure security architecture: IAM frameworks, service-to-service auth, secrets management, network segmentation, and production access controls, designed to scale with our multi-tenant, multi-region footprint.
• Build and maintain security guardrails as IaC modules; codify controls into golden paths that teams inherit automatically so security improves with velocity, not against it.
• Own the vulnerability management program: SLO-backed triage and remediation, trend tracking, and systemic fixes, turn recurring vulnerability classes into solved engineering problems.
• Define the security SLO and compliance framework for production infrastructure; run readiness reviews, communicate posture clearly to engineering and exec stakeholders.
• Author security ADRs and RFCs; partner with the Core Infrastructure PE to embed security controls in CI/CD pipelines, paved roads, and the observability stack.
• Lead threat modeling and security design reviews for high-risk architectural changes, accelerate delivery by making reviews lightweight and high-signal.
• Partner with SRE, AppSec, and FinOps on cross-cutting initiatives: zero-trust progress, GDPR/compliance guardrails, and audit readiness for SOC 2/ISO 27001.
• Write high-impact code, automation, and tooling; mentor Staff and Senior security engineers across teams through design pairing, code review, and example.
• Transform workflows by putting AI at the center, building smarter systems and ways of working from the ground up.

Who You Are

• Experience: 10+ years in infrastructure or platform security engineering, with a track record of shipping security improvements that measurably reduced risk or improved compliance posture at scale.
• Technical depth: Deep in cloud infrastructure security (AWS/GCP IAM, service mesh mTLS, secrets management, network defenses); you architect and ship production controls, not just audit them.
• SLO and compliance rigor: You define security SLOs, track MTTR for vulnerabilities, and communicate risk posture clearly; you translate security work into business language that non-security stakeholders act on.
• Developer-centric mindset: You build tools and guardrails that other engineers adopt because they make their work easier—not because they're required to.
• Cross-org influence: You align teams through threat models, security reviews, and IaC guardrails; you earn credibility via code, design quality, and clear reasoning, not title.
• Operational excellence: You've been on-call for security incidents. You write runbooks, lead readiness reviews, and treat recurring vulnerabilities as systemic engineering problems.
• Communication: You write crisp ADRs and RFCs, run effective security design reviews, and translate risk exposure into decisions business stakeholders can act on.
• AI tools and automation: You've brought AI into security engineering, automated threat detection, intelligent vulnerability triage, AI-assisted compliance checks, or security copilots—with explicit guardrails and audit trails.
• You've already experimented with AI in work or personal projects, and you're excited to dive in and learn fast. You're hungry to responsibly explore new AI tools and workflows, finding ways to make your work smarter and more efficient.

Nice to Haves

• Experience with zero-trust architecture and progressive access control in a large multi-tenant SaaS environment.
• Deep familiarity with enterprise compliance frameworks (SOC 2, ISO 27001, GDPR) and the infrastructure controls that underpin them.
• Track record of embedding security tooling into CI/CD and IaC pipelines adopted org-wide.
• Experience securing AI/ML systems: model access controls, data privacy guardrails, and agentic system security boundaries.

Success in 6 - 12 Months

• Security guardrails codified as IaC modules and enforced in paved roads; IAM and secrets management posture measurably improved.
• Security SLO framework established; MTTR for critical vulnerabilities trending down; recurring vulnerability classes addressed systemically.
• Zero-trust progress measurable against defined milestones; demonstrable audit readiness for SOC 2 / ISO 27001.

Massachusetts Applicants:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant's job-related skills, relevant experience, education or training, and work location.

In addition to base salary, our total compensation package may include participation in the company's annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility.

Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process.

Base Pay Range For US Locations:

$244,000—$366,000 USD

This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance.

Get to Know Klaviyo

We're Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we're developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you're ready to do the best work of your career, where you'll be welcomed as your whole self from day one and supported with generous benefits, we hope you'll join us.

AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop). We provide accommodations as needed.

By participating in Klaviyo's interview process, you acknowledge that you have read, understood, and will adhere to our Guidelines for using AI in the Klaviyo interview Process. For more information about how we process your personal data, see our Job Applicant Privacy Notice.

Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.

IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls.

By clicking "Submit Application" you consent to Klaviyo processing your Personal Data in accordance with our Job Applicant Privacy Notice. If you do not wish for Klaviyo to process your Personal Data, please do not submit an application. You can find our Job Applicant Privacy Notice here and here (FR).