Lead Security Engineer, Enterprise Security

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny.

As a Lead Security Engineer on the Enterprise Security team, you’ll play a central role in securing the corporate systems and platforms that Klaviyo runs on — spanning critical SaaS applications, identity and access, endpoints, Zero Trust network architecture, and perimeter security. You’ll partner across Engineering, IT, and the broader Security organization to mature existing programs, introduce new capabilities, and ensure our corporate security posture keeps pace with a fast-moving, AI-first company.

This is a hands-on technical leadership role. You’ll be expected to deliver complex, cross-functional projects end to end, establish the design patterns and standards your team works from, and mentor the engineers around you. You bring deep expertise in at least one enterprise security domain and the range to work credibly across several others.

At Klaviyo, AI fluency isn’t optional — it’s foundational. You’ll lead with AI at every stage of your work, from designing solutions to iterating on implementations, and you’ll take full ownership of the quality and security of what you ship.

How You Will Make a Difference

• Partner across several teams to drive the security architecture and lifecycle of Klaviyo’s critical SaaS applications, from procurement to offboarding
• Ensure the design and operations of identity and access management (IAM) across corporate SaaS platforms, including Just-in-Time Access (JITA), privilege management, and SSO/SCIM integrations; ensuring identity implementation meets or exceeds security standards
• Mature and expand Klaviyo’s Zero Trust network architecture — establishing web gateways, defining secure access policies, and building the foundation for a modern corporate network security posture
• Champion an AI-first approach to security engineering: designing, prototyping, and iterating with AI tools, and owning the responsible review and deployment of AI-generated artifacts
• Manage and mature Cloudflare WAF policies and other perimeter security controls, ensuring coverage, tuning, and continuous improvement
• Expand and mature Klaviyo’s endpoint security strategy and tooling, partnering with IT, Detection, Response, and the broader security teams to achieve full endpoint visibility, proactive threat coverage, and rapid response capability across the fleet
• Deliver complex, multi-team projects by decomposing techn