Staff Security Operations Engineer

Life360 is a company dedicated to keeping families connected and safe through innovative technology. They are seeking a Staff Security Operations Engineer to lead their next-generation security operations program, focusing on building an AI-native security observability platform and enhancing detection and response capabilities.

Responsibilities:

• Own the roadmap for detection and response. The platform decisions, the architecture decisions, the build-versus-buy calls — you make them, and you defend them
• Build and mature the security observability platform. Own the security telemetry layer across infrastructure, identity, endpoint, SaaS, and AI-native systems. Partner with Data Platform on the SIEM and data lake foundation that makes all of it queryable and scalable
• Deploy AI agents that operate, not summarize. Agents handle triage, correlation, enrichment, and autonomous action on lower-criticality events where confidence is high, then extend into anomaly detection and threat hunting. Partner with AI platform teams on the safety patterns that make autonomous action trustworthy
• Build detection and response capabilities with AI at the center. Design workflows where AI creates, tests, and improves detection content — not just executes it. Build the case management and response orchestration that moves from signal to resolution with minimal human intervention
• Drive continuous validation of detection effectiveness. Run the measurement program — precision, false positive rates, signal quality — and design agentic tuning workflows that surface underperforming detections and reduce noise without a human in every loop
• Own incident response end-to-end. Severity matrix, communication cadence, roles, escalation paths, executable playbooks, and the measurement program that tells us whether we're improving. Drive post-incident reviews that produce measurable change. Participate in the on-call rotation and lead response for high-severity events
• Make detection and response a design-time concern, not an afterthought. Partner with Security Engineering, GRC, IT, Engineering, Legal, and Privacy to ensure observability and response coverage is part of how systems are launched
• Lead, develop, and represent. Raise the technical bar through code review, design review, and direct coaching. Represent Life360 and the team externally where appropriate

Requirements:

• 8+ years of hands-on security operations or detection engineering experience with a track record of building things that hold up in production — not just advising on them
• Hands-on experience building AI-powered security workflows in production. Automated triage, AI-driven alert correlation, agentic investigation, integrated into a real operations stack. You can articulate where AI worked, where it didn't, and how you measured the difference
• Deep AWS experience — CloudTrail, IAM, GuardDuty, native logging — and the ability to investigate cloud incidents end-to-end. Comfortable writing detection queries and rules in whatever language your SIEM speaks
• Identity-centric thinking. You know that identity is the perimeter. Investigating Okta, SSO, OAuth, and session-based attacks is in your muscle memory
• Owned the architecture and deployment of a detection platform end-to-end. You've made the structural decisions, lived with them in production, and refined them over time
• Built a detection pipeline quality framework — precision measurement, false positive tuning, and continuous improvement processes. You can show the metrics that proved the program was getting better
• Designed and implemented incident response processes from scratch — severity matrices, escalation paths, and the measurement program around them
• Production-grade code. You can read, write, and ship it — and you use AI coding tools to operate with leverage. The bar is reliable, maintainable, observable, and production-ready
• A purple team orientation and hands-on hunting experience. You understand offensive techniques well enough to build detections against them, you've run hunts that produced real findings, and you've worked cases where the threat actor was inside the perimeter
• Strong technical communication. You can translate detection and response requirements into clear specs for engineering teams, brief executives on incidents, and write post-incident reviews that drive change
• Bachelor's degree or equivalent
• Built or significantly contributed to agentic workflows in production. You've designed agents that take action, formed strong opinions about where autonomy is safe and where human judgment is non-negotiable, and you understand how LLMs behave under adversarial conditions
• Familiarity with AI agent frameworks and the security implications of agentic systems with production access
• Published detection content, given conference talks, or contributed to open-source security tooling
• Experience with container and Kubernetes security telemetry
• Direct experience investigating nation-state actors or APT-class threats
• High-growth environment experience where the security program had to be built while it was being run