Key skills
Application SecurityDevSecOpsThreat ModelingSecurity ArchitectureASPM PlatformsPythonSASTDASTContainer SecuritySecure Coding PrinciplesCISSP CertificationOpen-source ContributionsCommunication SkillsJavaCPHPAWSGCPJenkinsGitHub ActionsGitLab CICircleCIGitHubGitLabiOSAndroidAndroid SDKCI/CDLeadershipOWASPCloud Security
About this role
Life360 is a company dedicated to keeping families safe through innovative technology. They are seeking a Staff Product Security Engineer to establish and mature their Product Security program by embedding security into the software development lifecycle and ensuring that their products remain impenetrable to adversaries.
Responsibilities:
- Deploy and operationalize Cycode ASPM platform (or equivalent) as the central nervous system for application security—unifying SAST, SCA, secret scanning, container security, and IaC scanning into actionable intelligence
- Build IDE-to-cloud security pipelines that catch vulnerabilities at code-write time, eliminating 90% of findings before merge
- Create security-as-code frameworks that make the secure path the default path
- Automate vulnerability triage, deduplication, and routing to eliminate manual security toil
- Design and deploy pre-approved security patterns, libraries, and templates that enable developers to build securely without security expertise
- Establish threat modeling as a lightweight, scalable practice integrated into product planning
- Conduct security architecture reviews for high-risk features across mobile (iOS/Android), backend (Java, Python, PHP), and emerging hardware products
- Build security tooling that developers actually want to use—think Spotify's Backstage for security
- Establish SLA-driven vulnerability management workflows with clear severity definitions, ownership models, and escalation paths
- Create friction-free remediation guidance—not 'fix this,' but 'here's the exact code change needed'
- Build metrics dashboards that translate security posture into business language executives understand
- Partner with engineering leadership to embed security accountability into team objectives
- Act as embedded security advisor to product and platform engineering teams
- Translate complex security requirements into pragmatic, implementable solutions
- Influence technical decisions at the architecture level—security considered in design, not bolted on after
Requirements:
- 5+ years of hands-on experience in product security, application security, or DevSecOps roles
- Strong experience deploying and operationalizing Application Security Posture Management (ASPM) platforms, with particular emphasis on vulnerability management and findings handling
- Deep understanding of security tooling including SAST, DAST, secret scanning, SCA (Software Composition Analysis), and container scanning tools
- Proficiency in Python and the ability to learn new programming languages and technologies as needed (experience with Java, C, or PHP is a plus)
- Extensive experience with threat modeling and security architecture reviews, with the ability to identify design flaws and provide actionable remediation guidance
- Strong knowledge of secure software development practices, including OWASP Top 10, secure coding principles, and secure-by-design methodologies
- Experience building security tooling and automation to scale security practices across development teams
- Familiarity with compliance frameworks including OWASP SAMM 2.0, NIST SSDF (Secure Software Development Framework), SOC 2, and GDPR, with working knowledge of privacy considerations
- Experience working with diverse technology stacks including mobile applications (iOS/Android), cloud infrastructure, and modern application development
- Expert-level threat modeling—you can identify design flaws that automated tools miss
- Security architecture experience across diverse platforms: mobile (iOS/Android SDK security), cloud (AWS/GCP), embedded systems
- CI/CD security integration—Jenkins, GitLab CI, GitHub Actions, CircleCI—where you've built security into build pipelines without breaking them
- Working knowledge of OWASP SAMM 2.0, NIST SSDF, secure coding standards
- CISSP certification or other relevant security certifications
- Experience with Cycode or similar ASPM platforms
- CISSP, OSCP, GWAPT, or similar certifications
- Experience securing location-based services or privacy-sensitive consumer applications
- Contributions to open-source security tools, public security research, or conference speaking
- Familiarity with SOC 2, ISO 27001, GDPR compliance requirements