Security Engineer, Threat Detection

Klaviyo
On-site
Boston, Massachusetts, United States
Cyber Security Engineer

Klaviyo is looking for a security engineer to add to our growing Detection & Response Team. This is a hands-on technical role that involves detection engineering, attack path analysis, security orchestration and automation, and development of security tools to take our security program to the next level. As a security engineer, you will have the opportunity to identify attack paths (for our cloud, corporate and product environments), build detections-as-code leveraging our detection development pipeline, help implement machine learning techniques for threat detection, and execute on core detection and response engineering efforts.

 

How you will make a difference:

 

  • Develop, test, and deploy high-fidelity signature and anomaly (DS/ML) based detections
  • Conduct TTP-based threat models or attack path analysis to drive detection use cases
  • Detect threats leveraging solutions such as SIEM, data lake, and cloud platforms
  • Automate and codify detection and response processes and playbooks
  • Build threat detection systems, tools, integrations and automations 
  • Configure and optimize detection and response technologies (e.g., SIEM, EDR, IDS/IPS)
  • Support threat response efforts and conduct ad-hoc threat hunts
  • Support log data onboarding into data lake and/or SIEM
  • Collaborate across teams (site, product, engineering, IT) to understand Klaviyo environments and drive threat detection use cases

 

We’d love to hear from you if you have:

 

  • 3+ years of security experience in modern cloud environments
  • Hands-on experience in detection engineering using SPL and/or SQL
  • Hands-on experience with SIEM and centralized logging (e.g., Splunk, Snowflake)
  • Strong coding skills to build/automate (e.g., Python, Go)
  • Experience with detection-as-code and/or securely deploying code via a CI/CD pipeline
  • Strong understanding of tactics, techniques, and procedures used by threat actors 
  • Experience with threat modeling or attack path analysis to drive detection use cases
  • Knowledge of system fundamentals, OS internals, and file systems for Linux and macOS
  • Knowledge of network security fundamentals and application in a cloud-first environment
  • Automation-first approach for detection and response work performed
  • Experience creating detections for Okta, Salesforce, Google Workspace is a plus
  • Experience securing cloud environments such as AWS, GCP, and/or Azure
  • Team player with a strong, self-managing work ethic

The pay range for this role is listed below. This role is eligible for benefits, including: medical, dental and vision coverage, health savings accounts, flexible spending accounts, 401(k), flexible paid time off and company-paid holidays and a culture of learning that includes a learning allowance and access to a professional coaching service for all employees.

Base Pay Range For US Locations:
$120,000 - $180,000 USD