Life360 is a company focused on keeping families connected and safe through innovative technology. They are seeking a Principal AI Security Engineer to secure their AI infrastructure by defining security architecture and ensuring the protection of sensitive location data. The role involves hands-on execution and collaboration with various engineering teams to establish robust security measures.
Responsibilities:
- Own the security strategy for frontier model access and MCP governance. Define how we securely connect to frontier models and external tool integrations: the risk framework, the authorization architecture, and the escalation model before those patterns harden at scale. Set the direction that builders implement within
- Architect the identity and trust model for non-human agents. Define how agents authenticate, how trust is established and revoked across orchestration chains, and how the model evolves as agent capabilities expand, covering service identities, scoped credentials, and least-privilege access patterns across the platform
- Set the adversarial defense posture for AI systems in production. Define our approach to prompt injection defense, adversarial input handling, and behavioral monitoring patterns, and establish the detection philosophy, telemetry requirements, and response framework the team builds and operates within
- Shape security architecture for the common AI end-user platform. Lead design reviews and build the access controls, data boundary enforcement, and abuse detection that keep a shared AI environment safe across an employee population with varying privilege levels
- Secure the shared knowledge layer. Define access control and data governance for retrieval and reasoning, ensuring AI-powered tools don't inadvertently surface sensitive data to the wrong systems or users
- Build AI supply chain integrity into the platform. Develop model provenance practices, service vetting, and dependency controls that keep the AI stack trustworthy as it grows
- Partner with Privacy, Legal, and Data Platform to ensure the right controls are built into pipelines handling real-time location, family relationship data, and data involving minors
Requirements:
- 15+ years in security engineering with depth in application security, cloud security, IAM, or detection
- A track record of building controls that earn adoption, not just approval
- Security architecture ownership at the platform level: you've defined trust models, data boundary topologies, and long-term viability in ways that produce security outcomes without grinding down velocity
- Hands-on fluency with LLM and agentic systems
- Deep grounding in IAM for non-human systems: service identities, OAuth, secrets management, RBAC/ABAC, and least-privilege architecture at scale
- Experience with production telemetry and detection at an architectural level
- Comfort with ambiguity and in-flight builds
- Strategic judgement on when to build vs. buy and the ability to lead the organization to wise investments
- Strong cross-functional communication across engineering, product, legal, privacy, and senior leadership
- You've contributed or are ready to contribute to the security industry
- Familiarity with NIST AI RMF, OWASP LLM Top 10, and adjacent compliance environments for consumer data at scale
- Bachelor's degree or equivalent experience in Computer Science, Information Security, or a related field
- Experience with frontier model API security, tool-use authorization patterns, or access governance for AI systems at scale
- Hands-on experience with multi-agent orchestration frameworks (LangGraph, AutoGen, CrewAI, or similar) and their trust, identity, and authorization challenges
- Familiarity with knowledge graph architectures, vector stores, or RAG systems — and the access control and data boundary problems they introduce
- Red teaming or adversarial testing against AI systems: prompt injection, jailbreaks, data extraction, model inversion, or supply chain attacks
- Background in consumer technology or another domain where personal data sensitivity is a core product obligation — not just a legal requirement
- Experience designing or reviewing security for internal enterprise AI platforms serving non-technical users