Application Security Engineering Manager - Security Operations (Boston)

Klaviyo

Klaviyo

Software Engineering, Other Engineering, Operations
Boston, MA, USA
Posted on Dec 11, 2023

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny.

Klaviyo is looking for an Application Security Engineer to lead our Security Operations AppSec team as we grow our function to support deploying secure applications across our software ecosystem. The Application Security Engineering Manager will collaborate with teams across Klaviyo to develop secure software patterns and apply them to shared libraries enabling development and platform teams to focus on product and functionality.

Security Operations Application Security Engineers technical responsibilities include:

  • Develop a secure code architecture and patterns that enable Klaviyo to efficiently and securely perform transactions on the platform.
  • Identify legacy patterns of data access where consolidation of functionality into centralized libraries simplifying code maintenance and modifications to core activities.
  • Understand core 3rd party solutions such as Django and React; take advantage of new security features within our code base when they are released.
  • Work side by side with other Security Operations team members to assist with Detection and Response, Offensive Security, and Infrastructure hardening.
  • Hands on implementation of architecture designs and library development within our code base.
  • Leverage existing tooling to their fullest ensuring the teams take full advantage of our investments.

Security Operations Application Security Engineers managerial responsibilities include:

  • Creating roadmaps for Application Security goals that align with reducing risk across the platform. OWASP top 10, Secure Code Best Practices, CIS Benchmarks are all used to measure success within Klaviyo.
  • Mentoring Application Security Engineers, personal growth, technical growth, and career growth.
  • Ensuring team members and yourself have a healthy work / life balance by managing individual workloads.
  • Tracking team performance and providing continuous feedback and periodic employee reviews.
  • Identifying tooling required to execute efficiently and enable all developers to practice secure code best practices; internally developed and commercial products.

If you are an experienced Application Security Engineer with prior team leadership and/or managed other Application Security Engineers, have a passion for mentoring and sharing your knowledge to team members and experience with large scale web applications that process billions of transactions across multiple technologies, this may be the role for you.

Requirements:

  • Prior leadership experience
  • 8+ years developing secure code libraries (preferably in Python)
  • Have experience with the following or similar technologies
    • Python, Django, Nginx, React
    • MySQL, RabbitMQ, Redis
    • Amazon Web Services (EC2, RDS, Aurora, etc.)
    • Terraform, Packer, Jenkins, Kubernetes

The pay range for this role is listed below. Sales roles are also eligible for variable compensation and hourly non-exempt roles are eligible for overtime in accordance with applicable law. This role is eligible for benefits, including: medical, dental and vision coverage, health savings accounts, flexible spending accounts, 401(k), flexible paid time off and company-paid holidays and a culture of learning that includes a learning allowance and access to a professional coaching service for all employees.

Pay Range For US Locations:
$192,000$288,000 USD

Get to Know Klaviyo

We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.

Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.

IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls.

You can find our Job Applicant Privacy Notice here.