Klaviyo - Denver, CO
posted 4 months ago
At Klaviyo, we are seeking an Application Security Engineering Manager to lead our Security Operations AppSec team. This role is pivotal as we expand our function to support the deployment of secure applications across our software ecosystem. The Application Security Engineering Manager will work collaboratively with various teams within Klaviyo to develop secure software patterns and apply them to shared libraries. This will enable our development and platform teams to concentrate on product functionality while ensuring security is integrated into our processes. The technical responsibilities of the Security Operations Application Security Engineers include developing a secure code architecture and patterns that allow Klaviyo to perform transactions efficiently and securely on our platform. The manager will identify legacy patterns of data access and work towards consolidating functionality into centralized libraries, simplifying code maintenance and modifications to core activities. A strong understanding of core third-party solutions such as Django and React is essential, as is the ability to leverage new security features within our codebase as they are released. The role also involves hands-on implementation of architecture designs and library development within our codebase, as well as maximizing the use of existing tooling to ensure our teams fully benefit from our investments. In terms of managerial responsibilities, the Application Security Engineering Manager will create roadmaps for Application Security goals that align with reducing risk across the platform. Success will be measured using standards such as the OWASP top 10, Secure Code Best Practices, and CIS Benchmarks. The manager will mentor Application Security Engineers, focusing on personal, technical, and career growth, while ensuring a healthy work/life balance by managing individual workloads. Tracking team performance, providing continuous feedback, and conducting periodic employee reviews are also key aspects of this role. Additionally, the manager will identify the necessary tooling to execute efficiently and enable all developers to practice secure code best practices, utilizing both internally developed and commercial products.