Key skills
PythonJavaPHPAIMLLLMRAGAgenticAWSGCPiOSAndroidCI/CDLeadershipCommunicationOWASP
About this role
Life360 is a company dedicated to keeping families connected through innovative technology, including a popular mobile app and tracking devices. The Senior Product Security Engineer will partner with product and platform teams to enhance security across mobile, backend, and data pipelines, ensuring safe deployment of AI-powered features.
Responsibilities:
- Conduct security architecture reviews across mobile (iOS/Android), backend (Java, Python, PHP), data pipelines, and third-party integrations. You're the security partner teams come to during design, not after
- Translate threat models and security requirements into pragmatic guidance engineers can act on
- Build trusted relationships with product and platform engineering teams
- Further operationalize and tune ASPM tooling (Cycode) to unify SAST, SCA, secret scanning, and container security into actionable signal, not noise
- Build security-as-code patterns and pre-approved libraries that make the secure path the default path
- Automate vulnerability triage, deduplication, and routing so the team spends time on judgment, not toil
- Drive SLA-based remediation workflows with clear severity definitions, ownership, and escalation paths
- Build metrics that translate security posture into language engineering leadership and executives can use
- Partner on design reviews for AI-powered features: model access controls, data boundary enforcement, and retrieval system authorization
- Contribute to securing agent workflows, MCP integrations, and shared AI tooling as adoption scales across engineering
- Work with Privacy, Legal, and Data Platform on controls for sensitive data: real-time location, family relationships, and data involving minors
Requirements:
- 5+ years in application security, product security, or DevSecOps with a track record of shipping controls that earn adoption, not just approval
- Hands-on builder. You define secure patterns, write code, and deliver tooling that holds up in production. You're a practitioner, not just an advisor
- Experience conducting threat models and security architecture reviews across mobile (iOS/Android), cloud (AWS/GCP), and backend services (Java, Python, PHP). You catch design flaws that automated tools miss
- Practical experience securing AI/ML systems. You've worked with prompt pipelines, RAG architectures, model access controls, or agentic workflows and understand the trust, authorization, and data boundary problems they introduce
- Working knowledge of ASPM platforms and security tooling: SAST, SCA, secret scanning, container scanning. You've tuned these to produce signal, not noise
- Familiarity with CI/CD security integration. You've built security into pipelines without breaking developer velocity
- Solid grounding in secure development practices: OWASP Top 10, OWASP LLM Top 10, secure-by-design principles, and practical remediation guidance
- Comfort with ambiguity. You're energized by first-draft standards, testing approaches, and scaling what works rather than waiting for a playbook
- Strong cross-functional communication. You carry risk, tradeoffs, and technical decisions across engineering, product, and leadership without losing precision. You can reshape a risky decision clearly and constructively
- Experience with multi-agent orchestration frameworks and their identity and authorization challenges
- Background in consumer technology or privacy-sensitive domains where personal data is a core product obligation, not just a legal checkbox
- Experience securing location-based services or products involving data from minors
- CISSP, OSCP, GWAPT, or similar certifications
- Contributions to open-source security tools, public research, or conference speaking