Lead Security Engineer, Cloud Infrastructure

As a Lead Security Engineer, you'll be a vital part of the Infrastructure Security Team, focusing on strengthening the security posture across Klaviyo's entire technology environment, developing security architectures and repeatable patterns and mentoring colleagues and junior security engineers. Unlike roles with a narrowly defined specialty, this position offers the opportunity to demonstrate your unique expertise-whether that's in cloud security, identity and access management, data protection, secure systems design, or other security domains. Your work will involve evaluating and hardening our infrastructure, collaborating with cross-functional teams, and leveraging AI to build scalable solutions to address emerging threats.

We are looking for someone who is excited to bring their specialized skills to the team, shaping Klaviyo's security practices and helping us continue to raise the bar.

How You Will Make a Difference

• Secure Klaviyo's infrastructure by designing, implementing, and maintaining scalable security controls across cloud, on-prem, and hybrid environments
• Evaluate and improve security configurations and policies across a range of technologies, using your domain expertise to reduce risk and enable secure-by-default architectures
• Collaborate with engineering and IT teams to embed security practices and develop repeatable security patterns across the development and deployment lifecycle
• Lead threat modeling, risk assessments, and architecture reviews in areas aligned with your specialty
• Develop automated solutions and infrastructure-as-code to drive consistent and reproducible security outcomes
• Stay ahead of the latest threats and advocate for innovative security solutions aligned with business needs
• Help define security standards and best practices at Klaviyo, championing their adoption across teams

Who You Are

• Have 5+ years of experience in infrastructure or security engineering roles, with deep knowledge in one or more security focus areas (e.g., cloud security, IAM, endpoint security, data protection, detection engineering, compliance)
• Comfortable navigating ambiguity and defining priorities in a broad-scoped role
• Experienced working in modern cloud environments such as AWS, GCP, or Azure
• Familiar with infrastructure-as-code tools such as Terraform, CloudFormation, or Pulumi
• Proficient in secure systems design, threat modeling, and vulnerability management
• AI Agentic development and prompt engineering, MCP (AWS Bedrock, OpenAI, Anthropic)
• Able to clearly articulate complex security topics to technical and non-technical stakeholders
• Passionate about security, eager to learn from others and share your expertise
• Nice to have - certifications (e.g., CISSP, CKS, GCP/AWS Security certs) or equivalent practical experience

We use Covey as part of our hiring and / or promotional process. For jobs or candidates in NYC, certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 3, 2025.

Please see the independent bias audit report covering our use of Covey here