Klaviyo crafts software helping thousands of ecommerce companies to have engaging relationships with hundreds of millions of consumers.  We love taking on tough engineering problems and look for full stack engineers who specialize in certain areas but are passionate about building, owning & scaling features end to end from scratch and breaking through any obstacle or technical challenge in their way. We push each other to move out of our comfort zone, learn new technologies and work hard to ensure each day is better than the last.

Klaviyo is looking for a Lead Detection & Response Engineer to add to our rapidly growing security team. This is a hands-on technical role that involves solving complex security problems, incident response, threat detection, security orchestration and automation, and building new tools to take the Detection & Response Program to the next level. As Lead/Sr. Detection & Response Engineering you will have the opportunity to provide incident response thought leadership, lead incidents and investigations, perform digital forensics, execute on core detection and response engineering efforts, and innovate on a broad scale within Security Operations. 

What you’ll be doing

• Detect, respond, and report on cyber threats and incidents using tools such as a SIEM, IDS, EDR, Firewalls and modern cloud platforms  
• Lead end-to-end security incident response investigations 
• Lead forensic investigations to include collection, preservation of evidence and analysis
• Perform incident response activities to include host and network forensics, log analysis, malware analysis and more 
• Conduct ad-hoc threat hunts in support of SecOps, detection and response
• Automate and codify detection and response processes and playbooks
• Assist with developing threat detection signatures, analytics, and correlation rules
• Mentor other engineers and members of the team
• Work with various engineering stakeholders to identify gaps and recommendations to mitigate organizational risk

We’d love to hear from you if you have:

• 8+ years of hands-on security operations experience in the modern cloud environments
• Hands-on experience with SIEM and centralized logging (e.g., Splunk)
• Experience securing cloud environments such as AWS, GCP, and/or Azure
• Experience leveraging scripting languages to automate or build features (Bash, Python, Go and/or Ruby)
• Understand techniques, tools and procedures used by bad actors 
• Subject matter expert in the areas of incident response and analysis of security events
• Experience with Security Orchestration, Automation, and Response (SOAR)
• Strong fundamentals of Linux and Mac operating systems
• Demonstrate strong understanding of: Threat Detection & Response in Cloud, Cloud Security, Operating System Security and IAM
• Automation-first approach for all work performed
• Strong oral and written communication skills
• Team player with a strong, self-managing work ethic