Senior Offensive Security Engineer
Posted on 9/22/2022
INACTIVE
Klaviyo

1,001-5,000 employees

Growth marketing automation platform
Company Overview
Klaviyo's missions is to help companies retain customers and maximize their ROI. Klaviyo’s data–proven customer platform allows companies to send relevant, well–timed emails and SMS that increase lifetime values.
Consumer Software

Company Stage

N/A

Total Funding

$1.5B

Founded

2012

Headquarters

Boston, Massachusetts

Growth & Insights
Headcount

6 month growth

21%

1 year growth

23%

2 year growth

63%
Locations
Dorchester, Boston, MA, USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Python
AWS
JIRA
CategoriesNew
DevOps & Infrastructure
Requirements
  • 3+ years of experience in multiple offensive security engineering disciplines (red teaming, penetration testing, fuzz testing, etc.)
  • Previous SOC analyst responsible for responding to security events
  • Experience using open source and commercial scanners / exploit tools such as Burp / Nessus / OWASP ZAP as a reconnaissance tool
  • Use of reconnaissance open source data such as Shodan, DNS Dumpster, Haveibeenpwned
  • Excellent communication and data presentation skills that allow you to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries for actioning on identified security risks
  • Experience monitoring and triaging inbound security alerts within a ticketing system such as Jira, determining risk, and working with owners to mitigate risk and detect future exploitation attempts. (level 2-3 security analyst)
  • Experience With - VPC / EC2 / Security Groups / ACLs / IAM
  • Experience working with and attacking / testing AWS deployed resources
  • Understanding of cloud security best practices and standards such as CIS and PCI
  • Substantial scripting or developing in Python during the past 2 years
  • Experience developing red team tools or exploitations
  • Experience automating exploit testing and repetitive tasks
Responsibilities
  • Partner with Engineering, Product, IT, and other business functions to drive security improvement across the organization
  • Research emerging attack vectors, vulnerabilities and techniques
  • Utilize your offensive skills to build defenses against those who may point their attacks at Klaviyo
  • Emulate adversaries by attacking user endpoints, cloud platforms, cloud systems, etc
  • Collaborate closely with detection engineers to build high fidelity alerting based on emerging attack vectors and tactics, techniques and procedures
  • Actively participate in purple-team exercises to mature the security program
  • Triage and respond to incoming security alerts related to corporate and production systems