Security Risk Engineer

Klaviyo is building a world where creators are empowered to own their destiny. In support of this, our Risk & Trust team empowers our fellow Klaviyos to securely deliver value to and foster trust with our customers. Within Risk & Trust, our Risk function enables Klaviyos to take smart, disciplined risks while bolstering accountability around timely and effective risk management. To that end, we’re looking for a highly collaborative Security Risk Engineer who will help us rapidly mature our Risk function by using engineering principles and data-driven strategies to more precisely identify, understand, and communicate risk across all of Klaviyo. 

You’ll partner closely with Engineering, IT, Security, Leadership, and basically every other team at Klaviyo to create a holistic view of risk based on high-quality data about our assets, weaknesses, threats, and safeguards (controls). You will help evolve our risk management practices to be transparent, evidence-based, and centered around quantitative risk models. Through all of this, Klaviyo will be in a much better position to sustainably grow and deliver value to our customers.

What you’ll be doing

• Build and monitor metrics (KPIs, KRIs, KCIs) that provide real-time insight into our risk posture
• Automate and streamline third-party and internal security risk management processes and tools
• Assist with risk management tasks (risk assessments, risk reviews with stakeholders, etc.)
• Identify and assess risks using qualitative and quantitative methods, such as FAIR
• Co-create mitigation and remediation plans with InfoSec and partner team SMEs

• Experience with data query languages (e.g. SQL, SPL, etc.) 
• Experience writing code (e.g. Python, Go, Node.js) to integrate with REST APIs and extract, transform, & load (ETL) data between systems
• Excellent ability to plan, prioritize, and execute work cross-functionally and on-time
• Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike
• Strong alignment with Klaviyo’s core values

Bonus points if you have any of the following:

• Experience building metrics using dashboarding tools (e.g. Domo, Tableau, Splunk, Grafana, etc.)
• Experience designing, building, or implementing technical security controls in AWS
• Experience with cyber risk quantification (CRQ) tools and frameworks, such as riskquant and FAIR
• Experience with threat modeling or secure design reviews 
• Experience in security operations, security engineering, and/or security architecture
• Experience or knowledge of securing web applications, Kubernetes clusters, and/or containers