Klaviyo is searching for our next Offensive Security team member. This position is a unique opportunity to develop tools and techniques for offensive web application penetration testing. You will execute against our existing code base, while also testing new features / functionality. You will work to protect Klaviyo, our customers, and their data. This position will require you to use your technical expertise to study the Klaviyo web application, find and verify risks, and work with engineering teams to address any findings.
The ideal candidate will be an offensive cybersecurity professional with a passion for analyzing codebases, testing hypotheses, and designing tools to impact web applications and their infrastructure. Responsibilities include triaging bug reports, assisting engineering teams with mitigation, and conducting manual web application testing using tools like Burp Suite Professional. Proven experience in compromising web applications and APIs in cloud environments, scripting for security testing, and clear communication of vulnerabilities is essential.
How you’ll make a difference:
Qualifications:
4+ years of experience in offensive security engineering disciplines (red teaming, penetration testing, fuzz testing, etc.).
Experience using open source and commercial scanners / exploit tools such as Burp / Nessus / OWASP ZAP as reconnaissance tools.
Demonstrated application of open source or commercial cyber threat intelligence to guide testing / exploitation.
Substantial scripting or developing in Python during the past 2 years.