About The Position

We're hiring a Staff Security Operations Engineer to define and lead Life360's next-generation security operations program. This is a technical leadership role for someone who sets direction, raises the bar on the engineers around them, and builds the systems they design.

We're building security operations the way they should work in 2026 — AI-native from day one. The foundation of that is a mature, high-fidelity security observability platform: the telemetry pipelines, detection surfaces, and data infrastructure that make everything else possible. Getting that foundation right is the prerequisite. What we build on top of it is what makes this role different from any SecOps job you've held before.

The end state we're building toward is one where AI is a genuine operational partner — surfacing anomalies, supporting threat hunting, taking autonomous action on lower-criticality events where we have confidence in the outcome, and orchestrating response workflows that would otherwise require human hands at every step. AI agents handle triage, enrichment, and correlation. Humans focus on judgment calls and high-stakes decisions. Detection and response is treated as a software engineering discipline with measurement, quality loops, and safe rollout patterns. If you've been waiting for a role where you set the technical direction rather than execute someone else's, this is it.

We use AI tools as a professional standard on this team.

  • Daily use: You use AI tools for real, substantive work — analysis, drafting, automation, code, investigations, evidence gathering.
  • Judgment and ownership: AI-generated work gets the same scrutiny you'd give any human-produced artifact. You're accountable for everything you ship.
  • Domain-specific judgment: You know where AI is the wrong tool. Sensitive data handling, attacker-controlled inputs, agents with production access, and privileged identity changes all need careful guardrails — and you can articulate where AI helps, where it hurts, and where it needs a human in the loop.
  • Leverage: When AI is working well, you take on problems that would otherwise require a larger team. We hire people who use that leverage to ship better outcomes, not just faster ones.
  • Continuous learning: The tooling moves fast. You stay current, share what works with the team, and speak up when something would meaningfully change how we operate.

Requirements

  • 8+ years of hands-on security operations or detection engineering experience with a track record of building things that hold up in production — not just advising on them.
  • Hands-on experience building AI-powered security workflows in production. Automated triage, AI-driven alert correlation, agentic investigation, integrated into a real operations stack. You can articulate where AI worked, where it didn't, and how you measured the difference.
  • Deep AWS experience — CloudTrail, IAM, GuardDuty, native logging — and the ability to investigate cloud incidents end-to-end. Comfortable writing detection queries and rules in whatever language your SIEM speaks.
  • Identity-centric thinking. You know that identity is the perimeter. Investigating Okta, SSO, OAuth, and session-based attacks is in your muscle memory.
  • Owned the architecture and deployment of a detection platform end-to-end. You've made the structural decisions, lived with them in production, and refined them over time.
  • Built a detection pipeline quality framework — precision measurement, false positive tuning, and continuous improvement processes. You can show the metrics that proved the program was getting better.
  • Designed and implemented incident response processes from scratch — severity matrices, escalation paths, and the measurement program around them.
  • Production-grade code. You can read, write, and ship it — and you use AI coding tools to operate with leverage. The bar is reliable, maintainable, observable, and production-ready.
  • A purple team orientation and hands-on hunting experience. You understand offensive techniques well enough to build detections against them, you've run hunts that produced real findings, and you've worked cases where the threat actor was inside the perimeter.
  • Strong technical communication. You can translate detection and response requirements into clear specs for engineering teams, brief executives on incidents, and write post-incident reviews that drive change.
  • Bachelor’s degree or equivalent

Nice To Haves

  • Built or significantly contributed to agentic workflows in production. You've designed agents that take action, formed strong opinions about where autonomy is safe and where human judgment is non-negotiable, and you understand how LLMs behave under adversarial conditions.
  • Familiarity with AI agent frameworks and the security implications of agentic systems with production access.
  • Published detection content, given conference talks, or contributed to open-source security tooling.
  • Experience with container and Kubernetes security telemetry.
  • Direct experience investigating nation-state actors or APT-class threats.
  • High-growth environment experience where the security program had to be built while it was being run.

Responsibilities

  • Own the roadmap for detection and response. The platform decisions, the architecture decisions, the build-versus-buy calls — you make them, and you defend them.
  • Build and mature the security observability platform. Own the security telemetry layer across infrastructure, identity, endpoint, SaaS, and AI-native systems. Partner with Data Platform on the SIEM and data lake foundation that makes all of it queryable and scalable.
  • Deploy AI agents that operate, not summarize. Agents handle triage, correlation, enrichment, and autonomous action on lower-criticality events where confidence is high, then extend into anomaly detection and threat hunting. Partner with AI platform teams on the safety patterns that make autonomous action trustworthy.
  • Build detection and response capabilities with AI at the center. Design workflows where AI creates, tests, and improves detection content — not just executes it. Build the case management and response orchestration that moves from signal to resolution with minimal human intervention.
  • Drive continuous validation of detection effectiveness. Run the measurement program — precision, false positive rates, signal quality — and design agentic tuning workflows that surface underperforming detections and reduce noise without a human in every loop.
  • Own incident response end-to-end. Severity matrix, communication cadence, roles, escalation paths, executable playbooks, and the measurement program that tells us whether we're improving. Drive post-incident reviews that produce measurable change. Participate in the on-call rotation and lead response for high-severity events.
  • Make detection and response a design-time concern, not an afterthought. Partner with Security Engineering, GRC, IT, Engineering, Legal, and Privacy to ensure observability and response coverage is part of how systems are launched.
  • Lead, develop, and represent. Raise the technical bar through code review, design review, and direct coaching. Represent Life360 and the team externally where appropriate.

Benefits

  • Competitive pay and benefits
  • Medical, dental, vision, life and disability insurance plans (100% paid for employees)
  • 401(k) plan with company matching program
  • Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being
  • Flexible PTO, 13 company-wide days off throughout the year
  • Winter and Summer Weeklong Synchronized Company Shutdowns
  • Learning & Development programs
  • Equipment, tools, and reimbursement support for a productive remote environment
  • Free Life360 Platinum Membership for your preferred circle
  • Free Tile Products