Lead Software Engineer II - Platform Anti-Abuse

Klaviyo

Klaviyo

Software Engineering
Boston, MA, USA
Posted on Sep 24, 2024

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny.

About this team

Klaviyo takes the security of our customers and the prevention of fraud and abuse stemming from the use of our platform as one of our utmost priorities. With our global reach comes no shortage of risk. By working alongside a team of talented Engineers, Data Scientists, and Security Specialists in the space of Abuse Detection and Prevention, you'll play a key role in ensuring that our platform maintains a strong security posture and prevents abuse before it impacts the unsuspecting citizens of the world.

The Platform Anti-Abuse team provides reusable platform services that allow product and feature teams to tap into the very best of what's available to make sure that if their functionality could be used to compromise the safety of our customers or their customers, they'll know about it and can shut it down before threat actors and attackers have a chance to do harm. This involves a mix of going hands-on with our existing stack alongside greenfield development, and requires an inquisitive and determined mind to help keep us one step ahead of those who would sign up to use our platform to phish, smish, and otherwise mislead compromised targets into giving up valuable information and endanger their livelihoods.

Members of this team work across our entire R&D department and alongside many of our Security teams in a relentless pursuit of ensuring that our platform stays secure, our customers stay confident in Klaviyo, and their customers stay safe in all of their transactions. Beyond the need for strong API Keys and Network Intrusion Detection, this team works to suss out the bad actors who hide amongst our users, waiting to do harm when it's least suspected.

How you'll make a difference

  • Partner with Engineers and PMs across R&D to build services and tools to automate the prevention of fraud and abuse inside our platform.
  • Partner with Data Scientists to bring new Machine Learning models to life to assist with automated abuse-prevention workflows.
  • Partner with our internal Risk, Security, and Compliance teams to make use of their expertise alongside your own to ensure the safety of our platform and our customers.
  • Define strategies for leveraging existing detection and prevention systems alongside influencing and building net-new tools and services to combat malicious actors.
  • Work across all of Klaviyo to not just ship code, but fully integrate solutions into our existing UX and product workflows throughout the entirety of the customer journey - from signup to account closure and everything in between.

Who you are

  • A highly experienced software engineer with over 10 years of practice with the art of writing and delivering high quality software, including stand alone platform-available services alongside reusable tools and scripts.
  • Deeply familiar with means of detecting, stymieing, and preventing fraudulent and malicious users from engaging in data exfiltration, list spamming, and other harmful techniques.
  • Deeply familiar with modern practices, tools, and third party services which service the space of detecting and preventing abuse within SasS platforms.
  • Extensive experience with preventing fraud and abuse within the domains of Email, SMS, and other communication channels with a focus on reputation management at scale.
  • Experienced with working across multiple stakeholders across various functions in large scale, high priority projects where strong coordination and timely communication are valued at a premium.
  • Experienced with API design (REST / GRPC) and management.
  • Familiar with ML Modelling and working with Data Scientists to design, create, tune, and productionalize real-world models to detect and assist with prevention of abusive or malicious content.
  • Familiar with design principles and best practices involving Event Based Architecture
  • Comfortable leveraging existing systems alongside building new solutions to deliver on your mission to keep our platform from being used for harm.
  • Capable of developing and delivering short and long term roadmaps while partnering with product managers and security specialists.

Tech Stack

  • Python, Django, and Go
  • K8s
  • MySQL and Snowflake
  • Queueing / Streaming Infrastructure (RabbitMQ, Apache Pulsar, SQS, etc)
  • AWS (S3, RDS, Elasticache, etc)
  • Terraform
  • Grafana and Splunk

Nice to have

  • Experience with service hardening techniques such as Penetration and Vulnerability testing
  • Experience with secure software architecture patterns
  • Experience writing and tuning high performance SQL queries over large datasets.
  • Experience with OCR and Image Recognition technologies and algorithms
  • Experience with User Behavior Modeling and Anomaly Detection
  • Experience generating / using deep learning embeddings, such as those based on text
  • Experience working with OpenCTI and similar systems

The pay range for this role is listed below. Sales roles are also eligible for variable compensation and hourly non-exempt roles are eligible for overtime in accordance with applicable law. This role is eligible for benefits, including: medical, dental and vision coverage, health savings accounts, flexible spending accounts, 401(k), flexible paid time off and company-paid holidays and a culture of learning that includes a learning allowance and access to a professional coaching service for all employees.

Base Pay Range For US Locations:
$232,000$348,000 USD

Get to Know Klaviyo

We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.

Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.

IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls.

You can find our Job Applicant Privacy Notice here.