At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny.
Klaviyo's platform sends billions of messages and processes petabytes of customer data for hundreds of thousands of businesses. As we scale up-market and embed AI/agentic systems throughout our product and platform, security must be built into the foundation, not bolted on. The Principal Engineer, Security is a hands-on IC who owns Klaviyo's infrastructure security architecture: IAM, secrets management, network defenses, vulnerability management, security tooling, and the compliance controls that underpin our enterprise and regulatory obligations.
This is an individual-contributor role with no direct reports. You lead through technical depth, code, and design quality, partnering closely with the Core Infrastructure PE, SRE, and AppSec teams to make "secure by default" a reality for every engineering team at Klaviyo.
What You'll Do
- Define and own Klaviyo's infrastructure security architecture: IAM frameworks, service-to-service auth, secrets management, network segmentation, and production access controls, designed to scale with our multi-tenant, multi-region footprint.
- Build and maintain security guardrails as IaC modules; codify controls into golden paths that teams inherit automatically so security improves with velocity, not against it.
- Own the vulnerability management program: SLO-backed triage and remediation, trend tracking, and systemic fixes; turn recurring vulnerability classes into solved engineering problems.
- Define the security SLO and compliance framework for production infrastructure; run readiness reviews, communicate posture clearly to engineering and exec stakeholders.
- Author security ADRs and RFCs; partner with the Core Infrastructure PE to embed security controls in CI/CD pipelines, paved roads, and the observability stack.
- Lead threat modeling and security design reviews for high-risk architectural changes; accelerate delivery by making reviews lightweight and high-signal.
- Partner with SRE, AppSec, and FinOps on cross-cutting initiatives: zero-trust progress, GDPR/compliance guardrails, and audit readiness for SOC 2/ISO 27001.
- Write high-impact code, automation, and tooling; mentor Staff and Senior security engineers across teams through design pairing, code review, and example.
- Transform workflows by putting AI at the center, building smarter systems and ways of working from the ground up.
Who You Are
- Experience: 10+ years in infrastructure or platform security engineering, with a track record of shipping security improvements that measurably reduced risk or improved compliance posture at scale.
- Technical depth: Deep in cloud infrastructure security (AWS/GCP IAM, service mesh mTLS, secrets management, network defenses); you architect and ship production controls, not just audit them.
- SLO and compliance rigor: You define security SLOs, track MTTR for vulnerabilities, and communicate risk posture clearly; you translate security work into business language that non-security stakeholders act on.
- Developer-centric mindset: You build tools and guardrails that other engineers adopt because they make their work easier—not because they're required to.
- Cross-org influence: You align teams through threat models, security reviews, and IaC guardrails; you earn credibility via code, design quality, and clear reasoning, not title.
- Operational excellence: You've been on-call for security incidents. You write runbooks, lead readiness reviews, and treat recurring vulnerabilities as systemic engineering problems.
- Communication: You write crisp ADRs and RFCs, run effective security design reviews, and translate risk exposure into decisions business stakeholders can act on.
- AI tools and automation: You've brought AI into security engineering (automated threat detection, intelligent vulnerability triage, AI-assisted compliance checks, or security copilots) with explicit guardrails and audit trails.
- You've already experimented with AI in work or personal projects, and you're excited to dive in and learn fast. You're hungry to responsibly explore new AI tools and workflows, finding ways to make your work smarter and more efficient.
Nice to Haves
- Experience with zero-trust architecture and progressive access control in a large multi-tenant SaaS environment.
- Deep familiarity with enterprise compliance frameworks (SOC 2, ISO 27001, GDPR) and the infrastructure controls that underpin them.
- Track record of embedding security tooling into CI/CD and IaC pipelines adopted org-wide.
- Experience securing AI/ML systems: model access controls, data privacy guardrails, and agentic system security boundaries.
Success in 6-12 Months
- Security guardrails codified as IaC modules and enforced in paved roads; IAM and secrets management posture measurably improved.
- Security SLO framework established; MTTR for critical vulnerabilities trending down; recurring vulnerability classes addressed systemically.
- Zero-trust progress measurable against defined milestones; demonstrable audit readiness for SOC 2 / ISO 27001.
Massachusetts Applicants:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location.
In addition to base salary, our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility.
Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process.
This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance.
Get to Know Klaviyo
We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.
AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop). We provide accommodations as needed.
By participating in Klaviyo’s interview process, you acknowledge that you have read, understood, and will adhere to our Guidelines for using AI in the Klaviyo interview Process. For more information about how we process your personal data, see our Job Applicant Privacy Notice.
Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.
Skills Required
- 10+ years in infrastructure or platform security engineering
- Deep cloud infrastructure security experience (AWS, GCP, IAM, service-to-service auth, service mesh/mTLS, secrets management, network defenses)
- Hands-on coding, automation, and security tooling experience; authoring ADRs and RFCs
- Ownership of vulnerability management programs: SLO-backed triage, remediation, and systemic fixes
- Define and track security SLOs and translate security posture into business-facing communications
- On-call experience for security incidents; runbook creation and operational readiness
- Experience applying AI/automation to security: threat detection, intelligent triage, AI-assisted compliance with guardrails and audit trails
- Experience with zero-trust architecture and progressive access control in large multi-tenant SaaS environments
- Familiarity with enterprise compliance frameworks (SOC 2, ISO 27001, GDPR) and audit readiness
- Track record embedding security tooling into CI/CD and IaC pipelines adopted org-wide
- Experience securing AI/ML systems (model access controls, data privacy guardrails)
Klaviyo Compensation & Benefits Highlights
How does Klaviyo ensure its pay and bonus plans are competitive?
Klaviyo supports competitive pay through a total rewards approach that combines salary, equity, bonus opportunities, benefits, learning support and a performance culture tied to measurable impact.
- Competitive total rewards: Klaviyo’s benefits overview highlights competitive salaries, 401(k) match, employee referral bonuses, equity, an employee stock purchase plan, flexible paid time off, commuter/transit support, fitness reimbursements, mental and emotional wellbeing programming and learning support. External reviews reinforce the value of the package, with employees citing competitive pay, bonuses, RSUs, ESPP, health insurance, parental leave, unlimited PTO and learning stipends as meaningful parts of the employee experience.
- Pay connected to impact and outcomes: Klaviyo’s handbook frames performance around ownership, clarity and measurable results. The value “Know the score” states that results matter more than effort alone, while “Drivers wanted” emphasizes proactive ownership and “Be meticulous in your craft” reinforces a high bar for work quality. That creates a compensation and recognition philosophy where strong outcomes, not just activity, are central to advancement and rewards.
- Equity and long-term value: Equity is a visible part of Klaviyo’s rewards story. Klaviyo offers equity packages to all full-time employees, vesting over four years, and provides an employee stock purchase plan. That ownership opportunity sits within a growing business: in Q1 2026, Klaviyo reported $358 million in revenue, up 28% year over year, and raised full-year 2026 revenue guidance to $1.514 billion to $1.522 billion. Those business results give employees a clear connection between company performance, long-term growth and the value of ownership-based compensation.
- Rewards supported by growth and development benefits: Klaviyo’s compensation package is paired with benefits that help employees grow their careers and build long-term value. K-Pro Learn, learning stipends, mentorship, Career Architecture and manager development programs support continued skill-building. A customer success manager noted that Klaviyo offers a learning stipend for job-related coaching or training, while employee survey insights show 78% of respondents feel they are gaining the skills and experience to grow their careers.
- External signals:
  - Compensation Sentiment: External reviews frequently praise Klaviyo’s competitive salary, bonuses, equity, RSUs, ESPP, 401(k) match, learning stipend and generous benefits. (Glassdoor; Comparably)
  - Rewards Ratings: Comparably rates Klaviyo’s compensation an A and perks and benefits an A. (Comparably)
  - Employee Value Signals: Reviews highlight PTO, health insurance, parental leave, office amenities, learning support and work-life balance as part of the overall rewards package. (Glassdoor; Comparably)
Bottom line: Klaviyo keeps compensation competitive by combining salary, bonus opportunities, equity, ESPP, retirement support, benefits and learning resources with a culture that rewards ownership, measurable outcomes and long-term impact.
Klaviyo Insights
What We Do
Klaviyo (NYSE: KVYO) is the B2C CRM. Powered by its built-in data platform and AI, Klaviyo combines marketing automation, analytics, and customer service into one unified solution, making it easy for businesses to know their customers and grow faster. Klaviyo (CLAY-vee-oh) helps over 183,000 brands like Mattel, Glossier, Daily Harvest, and Liquid Death deliver 1:1 experiences at scale, improve efficiency, and drive revenue.
Why Work With Us
We refer to our employees as ‘Klaviyos’, and we make up a diverse community united around shared values: We’re curious, collaborative, driven, innovative, fun, and fully ourselves at work. No matter which team you join, your work won’t just impact Klaviyo. It’ll help empower our customers and enable creators across the globe to own their destinies.
Klaviyo Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.