Lead Software Engineer - Platform Anti-Abuse Team

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you're a close but not exact match with the description, we hope you'll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny.
About this team
Klaviyo takes the security of our customers and the prevention of fraud and abuse stemming from the use of our platform as one of our utmost priorities. With our global reach and self-service platform comes no shortage of risk. By working alongside a team of talented Engineers, Data Scientists, and Security Specialists in the space of Abuse Detection and Prevention, you'll play a key role in ensuring that our platform maintains a strong security posture and prevents abuse before it impacts the unsuspecting citizens of the world.
The Platform Anti-Abuse team provides reusable platform services that allow product and feature teams to tap into the very best of what's available to make sure that if their functionality could be used to compromise the safety of our customers or their customers, they'll know about it and can mitigate it before threat actors and attackers have a chance to do harm. This involves a mix of going hands-on with our existing stack alongside greenfield development, and requires an inquisitive and determined mind to help keep us one step ahead of those who would sign up to use our platform to phish, smish, and otherwise mislead compromised targets into giving up valuable information and endanger their livelihoods.
Members of this team work across our entire R&D department and alongside many of our Security teams in a relentless pursuit of ensuring that our platform stays secure, our customers stay confident in Klaviyo, and their customers stay safe in all of their transactions. Beyond the need for strong API protection and Network Intrusion Detection, this team works to suss out the bad actors who hide amongst our users, waiting to do harm when it's least suspected.
How you'll make a difference

• Partner with Engineers and PMs across R&D to build services and tools to automate the prevention of fraud and abuse inside our platform, by reducing Account Takeovers, Malicious Signups, Content Inspection, and other common vectors for abuse and fraud.
• Partner with Data Scientists to bring new Machine Learning models to life to assist with automated abuse-prevention workflows.
• Partner with our internal Risk, Security, and Compliance teams to make use of their expertise alongside your own to ensure the safety of our platform and our customers.
• Plan, coordinate, and execute projects leveraging existing detection and prevention systems alongside influencing and building net-new tools and services to combat malicious actors.
• Work across all of Klaviyo to not just ship code, but fully integrate solutions into our existing UX and product workflows throughout the entirety of the customer journey - from signup to account closure and everything in between.
• Collaborate on the definition of success metrics and implement various means of measurement.
• Minimize false positives / negatives while confronting and combating persistent abusers and net-new abuse vectors.

Who you are

• An experienced software engineer with over 8 years of practice with the art of writing and delivering high quality software, including stand alone platform-available services alongside reusable tools and scripts.
• Have built, extended, and maintained several high scale systems used by internal and external customers
• Deeply experienced with design principles and best practices involving Event Based Architecture and Domain Driven Architecture
• Deeply Experienced with API design (REST / GRPC) and management.
• Experienced with working across multiple stakeholders across various functions in large scale, high priority projects where strong coordination and timely communication are valued at a premium.
• Experienced with monolithic and service-based architectures, with a focus on scalability and reliability.
• Experienced with secure software architecture patterns.
• Experienced writing and tuning high performance SQL queries over large datasets.
• Experienced with writing queries and creating dashboards in Splunk, Cloudwatch, and Grafana.
• Experienced with working across multiple stakeholders across various functions in large scale, high priority projects where strong coordination and timely communication are valued at a premium.

Tech Stack

• Python, Django, and Go
• K8s
• MySQL and Snowflake
• Queueing / Streaming Infrastructure (RabbitMQ, Apache Pulsar, SQS, etc)
• AWS (S3, RDS, Elasticache, etc)
• Terraform
• Grafana and Splunk

Nice to have

• Experience with Django at high scale
• Experience with service hardening techniques such as Penetration and Vulnerability testing
• Experience with OCR and Image Recognition technologies and algorithms
• Experience with User Behavior Modeling and Anomaly Detection
• Experience generating / using deep learning embeddings, such as those based on text
• Experience working with OpenCTI and similar systems
• Familiarity with means of detecting, stymieing, and preventing fraudulent and malicious users from engaging in data exfiltration, list spamming, and other harmful techniques.
• Familiarity with means of detecting, stymieing, and preventing fraudulent and malicious users from engaging in data exfiltration, list spamming, and other harmful techniques.
• Familiarity with modern practices, tools, and third party services which service the space of detecting and preventing abuse within SasS platforms.
• Familiarity with ML Modelling and working with Data Scientists to design, create, tune, and productionalize real-world models to detect and assist with prevention of abusive or malicious content.
• Familiarity with the domains of Email, SMS, and other communication channels.

The pay range for this role is listed below. Sales roles are also eligible for variable compensation and hourly non-exempt roles are eligible for overtime in accordance with applicable law. This role is eligible for benefits, including: medical, dental and vision coverage, health savings accounts, flexible spending accounts, 401(k), flexible paid time off and company-paid holidays and a culture of learning that includes a learning allowance and access to a professional coaching service for all employees.
Base Pay Range For US Locations:
$192,000 - $288,000 USD
Get to Know Klaviyo
We're Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we're developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators-ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you're ready to do the best work of your career, where you'll be welcomed as your whole self from day one and supported with generous benefits, we hope you'll join us.
Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.
IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls.