Software Engineer II - Identity & Access Management

The Core Infrastructure – Identity & Organizations (Core IO) pillar owns the foundational substrate for identity access organizations and platform integrity at Klaviyo. We manage the critical path of the user journey from login to enforcing permissions to operating within the correct organization and regional context so that the rest of the platform can move fast and stay secure.

Within Core IO the Identity & Access Management (IAM) team builds and operates Klaviyo’s centralized authentication and authorization platform for both humans and machines. We power login SSO MFA SCIM internal service auth and external API auth and we are in the middle of transforming Klaviyo’s identity stack into a unified enterprise-grade platform.

• Shape Klaviyo’s identity platform: You’ll help design and build the services that every product team and customer relies on login sessions permissions and secure service APIs are all on your roadmap.
• High-leverage platform-level impact: Your work will directly affect engineering velocity (auth as a shared service) Enterprise deal wins (SSO/SCIM/RBAC/ReBAC) and Data Residency (region-aware auth flows).
• Deep systems and security learning: You’ll work on distributed systems modern IdP integration machine auth and secure-by-default patterns with strong mentorship and meaningful ownership.

As a Software Engineer II on the IAM team you will:

• Own features end-to-end across design implementation rollout and observability for core authN/Z capabilities such as login flows MFA SSO enhancements SCIM sessions and role/permission enforcement.
• Contribute to auth platform extraction: Help move authentication and authorization paths out of the legacy monolith into dedicated micro services including token verification API key services and internal service auth behind Kong and IdP platform.
• Build and maintain shared SDKs and contracts that let internal teams adopt IAM services quickly (OAuth machine auth org-scoped authZ) making “secure by default” the simplest option for new surfaces and agents.
• Collaborate with Organizations & Accounts to support org-scoped identity multi-account SSO and flexible org/account models that underpin enterprise experiences and cross-account analytics.
• Partner with Platform Integrity & Protection (PAA) Security and Compliance on secure patterns for account protection (MFA recovery device/session risk) ensuring IAM is a strong foundation for account security and anti-abuse controls.
• Improve reliability and performance of IAM services by instrumenting metrics and alerts debugging production issues and contributing to on-call rotations and incident reviews.
• Help define and refine standards for authentication and authorization across the platform APIs error semantics audit logging and integration patterns so product teams don’t reinvent them per-service.

You are a mid-level software engineer who has shipped and supported production systems and who wants to specialize in identity security and platform infrastructure.

• Experienced systems builder: You have 2-5+ years of professional software engineering experience including building and operating backend or full-stack services in production.
• Strong fundamentals & debugging skills: You are comfortable reasoning about data models API design concurrency and failure modes and you can dig through logs metrics and traces to identify root causes and implement systemic fixes.
• Security & identity motivated: You’re excited by authentication authorization and account security problems and want to deepen your expertise in areas like MFA SSO SCIM OAuth and roles/permissions.
• Platform/infra mindset: You like building reusable services and tools that other engineers rely on including libraries SDKs and patterns that raise the floor for quality and security across the org.
• Ownership & collaboration: You take responsibility for outcomes not just code. You’re comfortable driving a small project or component coordinating with partner teams and communicating trade-offs clearly in design docs and PRs.
• You’ve already experimented with AI in work or personal projects and you’re excited to dive in and learn fast. You’re hungry to responsibly explore new AI tools and workflows finding ways to make your work smarter and more efficient.

• 2-5+ years of professional software engineering experience.
• Proficiency in at least one of Python Go or TypeScript/JavaScript and comfort working on backend and/or service-oriented systems.
• Experience building or operating web services or APIs backed by relational databases and/or caches (e.g. MySQL Postgres Redis).
• Familiarity with authentication or authorization concepts (sessions tokens OAuth SSO MFA RBAC) and an interest in going much deeper.
• Exposure to CI/CD pipelines and modern development workflows (code review testing deployments on-call participation or support).

You don’t need all of these but experience in any of the following is a bonus:

• Building or integrating with IdPs and identity protocols (SAML/OIDC enterprise SSO SCIM OAuth API key management).
• Working with cloud-native infrastructure (AWS Kubernetes Terraform Kong or similar API gateways and service meshes).
• Experience with high-scale distributed systems or performance-sensitive services where availability and latency targets matter (e.g. auth endpoints org lookups internal service auth).
• Familiarity with observability stacks (Grafana Datadog/Splunk internal metrics/logging frameworks) and using them to drive reliability improvements.
• Interest or experience in adjacent Core IO domains like Organizations & Accounts or Platform Anti-Abuse (PAA) especially where they intersect with auth and account security.

You’ll work with some of these on day one and have opportunities to learn the rest:

• Languages & frameworks: Python Django Go TypeScript/React.
• Identity & access: OAuth API keys SSO SCIM MFA roles & permissions internal service auth SDKs.
• Infrastructure & platform: AWS Kubernetes Terraform Kong microservice platform for auth and organizations.
• Data & observability: MySQL Redis Kafka/queues Grafana Splunk internal logging/metrics pipelines.

We use Covey as part of our hiring and / or promotional process. For jobs or candidates in NYC certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 3 2025.

Please see the independent bias audit report covering our use of Covey here

What We Do

Klaviyo (NYSE: KVYO) is the B2C CRM. Powered by its built-in data platform and AI Klaviyo combines marketing automation analytics and customer service into one unified solution making it easy for businesses to know their customers and grow faster. Klaviyo (CLAY-vee-oh) helps over 183000 brands like Mattel Glossier Daily Harvest and Liquid Death deliver 1:1 experiences at scale improve efficiency and drive revenue.

Why Work With Us

We refer to our employees as ‘Klaviyos’ and we make up a diverse community united around shared values: We’re curious collaborative driven innovative fun and fully ourselves at work. No matter which team you join your work won’t just impact Klaviyo. It’ll help empower our customers and enable creators across the globe to own their destinies.

Gallery