Staff Product Security Engineer

Life360
7d · $186,000 - $271,500 · Remote

About The Position

Life360 protects what matters most - 90+ million people trust us with their family's safety and location data every day. We're seeking a Staff Product Security Engineer to architect and implement a world-class DevSecOps program that makes security invisible to developers while making our products impenetrable to adversaries.

This isn't a checkbox compliance role. You'll build the security infrastructure that enables 200+ engineers to ship faster because of security, not despite it. You'll be the technical force behind transforming our SDLC into a secure-by-default pipeline where vulnerabilities are caught in the IDE, not in production.

We are seeking a Staff Product Security Engineer to help establish and mature Life360's Product Security program. This role will focus on embedding security into the software development lifecycle (SDLC) through DevSecOps practices, defining secure architecture, and developing secure enablement tooling. The ideal candidate will bring strong experience in application security, threat modeling, security tooling deployment (particularly ASPM platforms), and the ability to work as a security consultant with product and engineering teams. This person will play a critical role in creating secure-by-default paths for new features and products, ensuring we protect the location data and family safety features that millions of users trust us with.

Requirements

  • 5+ years of hands-on experience in product security, application security, or DevSecOps roles.
  • Strong experience deploying and operationalizing Application Security Posture Management (ASPM) platforms, with particular emphasis on vulnerability management and findings handling.
  • Deep understanding of security tooling including SAST, DAST, secret scanning, SCA (Software Composition Analysis), and container scanning tools.
  • Proficiency in Python and the ability to learn new programming languages and technologies as needed (experience with Java, C, or PHP is a plus).
  • Extensive experience with threat modeling and security architecture reviews, with the ability to identify design flaws and provide actionable remediation guidance.
  • Strong knowledge of secure software development practices, including OWASP Top 10, secure coding principles, and secure-by-design methodologies.
  • Experience building security tooling and automation to scale security practices across development teams.
  • Familiarity with compliance frameworks including OWASP SAMM 2.0, NIST SSDF (Secure Software Development Framework), SOC 2, and GDPR, with working knowledge of privacy considerations.
  • Experience working with diverse technology stacks including mobile applications (iOS/Android), cloud infrastructure, and modern application development.
  • Expert-level threat modeling—you can identify design flaws that automated tools miss
  • Security architecture experience across diverse platforms: mobile (iOS/Android SDK security), cloud (AWS/GCP), embedded systems
  • CI/CD security integration—Jenkins, GitLab CI, GitHub Actions, CircleCI—where you've built security into build pipelines without breaking them
  • Working knowledge of OWASP SAMM 2.0, NIST SSDF, secure coding standards

Nice To Haves

  • CISSP certification or other relevant security certifications.
  • Experience with Cycode or similar ASPM platforms.
  • CISSP, OSCP, GWAPT, or similar certifications
  • Experience securing location-based services or privacy-sensitive consumer applications
  • Contributions to open-source security tools, public security research, or conference speaking
  • Familiarity with SOC 2, ISO 27001, GDPR compliance requirements

Responsibilities

  • Deploy and operationalize Cycode ASPM platform (or equivalent) as the central nervous system for application security—unifying SAST, SCA, secret scanning, container security, and IaC scanning into actionable intelligence
  • Build IDE-to-cloud security pipelines that catch vulnerabilities at code-write time, eliminating 90% of findings before merge
  • Create security-as-code frameworks that make the secure path the default path
  • Automate vulnerability triage, deduplication, and routing to eliminate manual security toil
  • Design and deploy pre-approved security patterns, libraries, and templates that enable developers to build securely without security expertise
  • Establish threat modeling as a lightweight, scalable practice integrated into product planning
  • Conduct security architecture reviews for high-risk features across mobile (iOS/Android), backend (Java, Python, PHP), and emerging hardware products
  • Build security tooling that developers actually want to use—think Spotify's Backstage for security
  • Establish SLA-driven vulnerability management workflows with clear severity definitions, ownership models, and escalation paths
  • Create friction-free remediation guidance—not "fix this," but "here's the exact code change needed"
  • Build metrics dashboards that translate security posture into business language executives understand
  • Partner with engineering leadership to embed security accountability into team objectives
  • Act as embedded security advisor to product and platform engineering teams
  • Translate complex security requirements into pragmatic, implementable solutions
  • Influence technical decisions at the architecture level—security considered in design, not bolted on after

Benefits

  • Competitive pay and benefits
  • Medical, dental, vision, life and disability insurance plans (100% paid for employees)
  • 401(k) plan with company matching program
  • Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being
  • Flexible PTO, 13 company-wide days off throughout the year
  • Winter and Summer Weeklong Synchronized Company Shutdowns
  • Learning & Development programs
  • Equipment, tools, and reimbursement support for a productive remote environment
  • Free Life360 Platinum Membership for your preferred circle
  • Free Tile Products