Our joint success with our customers is built on their trust in us to protect their data from compromise. We can do this only if we scale our security program by embedding secure design principles throughout our development lifecycle. That’s why Klaviyo is looking for a Lead Security Risk Architect.
This role will bolster a secure design culture across Klaviyo while driving secure design processes that focus on securing the infrastructure layer of our products, services, and corporate IT environment. This role will partner closely with our Platform Site Reliability Teams (SRE), Software Engineering, Security & Trust, and IT teams to achieve our secure design program goals.
What you’ll be doing
- Build and sustain secure design and architecture processes that support organizational goals and strategy
- Collaborate with our engineering and product teams to co-create security standards for infrastructure systems and architectures, encompassing cloud, endpoint, and network infrastructure
- Implement secure design processes and tools with a focus on self-serviceability, automation, and shifting left in our project and system development life cycles
- Lead holistic security assessments that include threat modeling and security standards maturity assessments
- Help engineering and product teams create and maintain threat models for their systems and environments
- Educate and empower engineering and product teams to use secure design principles, processes, and tools
- Mentor teammates and stakeholders about security best practices, systems engineering/architecture, collaborative problem solving, and technical leadership
- Minimum of 10+ years of information security, IT audit and/or IT Risk Management experience
- Experience implementing secure design and security architecture processes and tools
- Experience with threat modeling frameworks such as MIRTE and tools such as ThreatDragon, pytm, ThreatSpec, Threagile, etc.
- Experience securing or attacking Windows, Mac, Linux, AWS and/or GCP
- Experience with Kubernetes and container-based environments
- Experience implementing secure network configurations and designs by utilizing access control lists (ACLs), subnets, VLANs, firewalls, etc.
- Solid time management & prioritization skills with a strong ability to plan, prioritize, and execute projects in coordination with other teams
- Proficiency communicating to technical & non-technical audiences with a positive, collaborative, and enablement-focused attitude
- Eagerness to challenge conventional approaches to solving problems
- Insatiable curiosity & desire to learn new technology and security concepts spanning cloud, endpoint, and network infrastructure
At Klaviyo we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying.
Get to Know Klaviyo
Klaviyo is a world-leading marketing automation platform dedicated to accelerating revenue and customer connection for online businesses. Klaviyo makes it easy to store, access, analyze and use transactional and behavioral data to power highly-targeted customer and prospect communications. The company's hybrid customer-data and marketing-platform model allows companies to grow by fostering direct relationships with customers, without giving up their valuable data to popular big-tech ad platforms. Over 265,000 innovative companies like Unilever, Custom Ink, Living Proof and Huckberry sell more with Klaviyo. Learn more at www.klaviyo.com.
Klaviyo is committed to diversity and to a policy of equal employment opportunity and non-discrimination. We do not discriminate on the basis of race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation or any other characteristic protected by applicable law.