Job Description
At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny.
Klaviyo's platform sends billions of messages and processes petabytes of customer data for hundreds of thousands of businesses. As we scale up-market and embed AI/agentic systems throughout our product and platform, security must be built into the foundation, not bolted on. The Principal Engineer, Security is a hands-on IC who owns Klaviyo's infrastructure security architecture: IAM, secrets management, network defenses, vulnerability management, security tooling, and the compliance controls that underpin our enterprise and regulatory obligations.
This is an individual-contributor role with no direct reports. You lead through technical depth, code, and design quality, partnering closely with the Core Infrastructure PE, SRE, and AppSec teams to make "secure by default" a reality for every engineering team at Klaviyo.
What You'll Do
- Define and own Klaviyo's infrastructure security architecture: IAM frameworks, service-to-service auth, secrets management, network segmentation, and production access controls designed to scale with our multi-tenant, multi-region footprint.
- Build and maintain security guardrails as IaC modules; codify controls into golden paths that teams inherit automatically, so security improves with velocity, not against it.
- Own the vulnerability management program: SLO-backed triage and remediation, trend tracking, and systemic fixes; turn recurring vulnerability classes into solved engineering problems.
- Define the security SLO and compliance framework for production infrastructure; run readiness reviews, communicate posture clearly to engineering and exec stakeholders.
- Author security ADRs and RFCs; partner with the Core Infrastructure PE to embed security controls in CI/CD pipelines, paved roads, and the observability stack.
- Lead threat modeling and security design reviews for high-risk architectural changes; accelerate delivery by making reviews lightweight and high-signal.
- Partner with SRE, AppSec, and FinOps on cross-cutting initiatives: zero-trust progress, GDPR/compliance guardrails, and audit readiness for SOC 2/ISO 27001.
- Write high-impact code, automation, and tooling; mentor Staff and Senior security engineers across teams through design pairing, code review, and example.
- Transform workflows by putting AI at the center, building smarter systems and ways of working from the ground up.
Who You Are
- Experience: 10+ years in infrastructure or platform security engineering, with a track record of shipping security improvements that measurably reduced risk or improved compliance posture at scale.
- Technical depth: Deep in cloud infrastructure security (AWS/GCP IAM, service mesh, mTLS, secrets management, network defenses); you architect and ship production controls, not just audit them.
- SLO and compliance rigor: You define security SLOs, track MTTR for vulnerabilities, and communicate risk posture clearly; you translate security work into business language that non-security stakeholders act on.
- Developer-centric mindset: You build tools and guardrails that other engineers adopt because they make their work easier—not because they're required to.
- Cross-org influence: You align teams through threat models, security reviews, and IaC guardrails; you earn credibility via code, design quality, and clear reasoning, not title.
- Operational excellence: You've been on-call for security incidents. You write runbooks, lead readiness reviews, and treat recurring vulnerabilities as systemic engineering problems.
- Communication: You write crisp ADRs and RFCs, run effective security design reviews, and translate risk exposure into decisions business stakeholders can act on.
- AI tools and automation: You've brought AI into security engineering: automated threat detection, intelligent vulnerability triage, AI-assisted compliance checks, or security copilots—with explicit guardrails and audit trails.
- You've already experimented with AI in work or personal projects, and you're excited to dive in and learn fast. You're hungry to responsibly explore new AI tools and workflows, finding ways to make your work smarter and more efficient.
Nice to Haves
- Experience with zero-trust architecture and progressive access control in a large multi-tenant SaaS environment.
- Deep familiarity with enterprise compliance frameworks (SOC 2, ISO 27001, GDPR) and the infrastructure controls that underpin them.
- Track record of embedding security tooling into CI/CD and IaC pipelines adopted org-wide.
- Experience securing AI/ML systems: model access controls, data privacy guardrails, and agentic system security boundaries.
Success in 6 - 12 Months
- Security guardrails codified as IaC modules and enforced in paved roads; IAM and secrets management posture measurably improved.
- Security SLO framework established; MTTR for critical vulnerabilities trending down; recurring vulnerability classes addressed systemically.
- Zero-trust progress measurable against defined milestones; demonstrable audit readiness for SOC 2 / ISO 27001.
Massachusetts Applicants:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location.
In addition to base salary, our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility.
Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process.
This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance.
Get to Know Klaviyo
We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.
AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop). We provide accommodations as needed.
By participating in Klaviyo’s interview process, you acknowledge that you have read, understood, and will adhere to our Guidelines for using AI in the Klaviyo interview Process. For more information about how we process your personal data, see our Job Applicant Privacy Notice.
Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.
Skills Required
- 10+ years in infrastructure or platform security engineering
- Deep cloud infrastructure security experience (AWS, GCP, IAM, service-to-service auth, service mesh/mTLS, secrets management, network defenses)
- Hands-on coding, automation, and security tooling experience; authoring ADRs and RFCs
- Ownership of vulnerability management programs: SLO-backed triage, remediation, and systemic fixes
- Define and track security SLOs and translate security posture into business-facing communications
- On-call experience for security incidents; runbook creation and operational readiness
- Experience applying AI/automation to security: threat detection, intelligent triage, AI-assisted compliance with guardrails and audit trails
- Experience with zero-trust architecture and progressive access control in large multi-tenant SaaS environments
- Familiarity with enterprise compliance frameworks (SOC 2, ISO 27001, GDPR) and audit readiness
- Track record embedding security tooling into CI/CD and IaC pipelines adopted org-wide
- Experience securing AI/ML systems (model access controls, data privacy guardrails)
Klaviyo Compensation & Benefits Highlights
How does Klaviyo ensure its pay and bonus plans are competitive?
Klaviyo supports competitive pay through a total rewards approach that combines salary, equity, bonus opportunities, benefits, learning support, and a performance culture tied to measurable impact.
- Competitive total rewards: Klaviyo’s benefits overview highlights competitive salaries, 401(k) match, employee referral bonuses, equity, an employee stock purchase plan, flexible paid time off, commuter/transit support, fitness reimbursements, mental and emotional wellbeing programming, and learning support. External reviews reinforce the value of the package, with employees citing competitive pay, bonuses, RSUs, ESPP, health insurance, parental leave, unlimited PTO, and learning stipends as meaningful parts of the employee experience.
- Pay connected to impact and outcomes: Klaviyo’s handbook frames performance around ownership, clarity, and measurable results. The value “Know the score” states that results matter more than effort alone, while “Drivers wanted” emphasizes proactive ownership and “Be meticulous in your craft” reinforces a high bar for work quality. That creates a compensation and recognition philosophy where strong outcomes, not just activity, are central to advancement and rewards.
- Equity and long-term value: Equity is a visible part of Klaviyo’s rewards story. Klaviyo offers equity packages to all full-time employees, vesting over four years, and provides an employee stock purchase plan. That ownership opportunity sits within a growing business: in Q1 2026, Klaviyo reported $358 million in revenue, up 28% year over year, and raised full-year 2026 revenue guidance to $1.514 billion to $1.522 billion. Those business results give employees a clear connection between company performance, long-term growth, and the value of ownership-based compensation.
- Rewards supported by growth and development benefits: Klaviyo’s compensation package is paired with benefits that help employees grow their careers and build long-term value. K-Pro Learn, learning stipends, mentorship, Career Architecture, and manager development programs support continued skill-building. A customer success manager noted that Klaviyo offers a learning stipend for job-related coaching or training, while employee survey insights show 78% of respondents feel they are gaining the skills and experience to grow their careers.
- External signals:
- Compensation Sentiment: External reviews frequently praise Klaviyo’s competitive salary, bonuses, equity, RSUs, ESPP, 401(k) match, learning stipend, and generous benefits. (Glassdoor; Comparably)
- Rewards Ratings: Comparably rates Klaviyo’s compensation an A and perks and benefits an A. (Comparably)
- Employee Value Signals: Reviews highlight PTO, health insurance, parental leave, office amenities, learning support, and work-life balance as part of the overall rewards package. (Glassdoor; Comparably)
Bottom line: Klaviyo keeps compensation competitive by combining salary, bonus opportunities, equity, ESPP, retirement support, benefits, and learning resources with a culture that rewards ownership, measurable outcomes, and long-term impact.
Klaviyo Insights
What We Do
Klaviyo (NYSE: KVYO) is the B2C CRM. Powered by its built-in data platform and AI, Klaviyo combines marketing automation, analytics, and customer service into one unified solution, making it easy for businesses to know their customers and grow faster. Klaviyo (CLAY-vee-oh) helps over 183,000 brands like Mattel, Glossier, Daily Harvest, and Liquid Death deliver 1:1 experiences at scale, improve efficiency, and drive revenue.
Why Work With Us
We refer to our employees as ‘Klaviyos’ and we make up a diverse community united around shared values: We’re curious, collaborative, driven, innovative, fun, and fully ourselves at work. No matter which team you join, your work won’t just impact Klaviyo. It’ll help empower our customers and enable creators across the globe to own their destinies.
Klaviyo Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Date Posted
06/25/2026