
Staff Security Operations Engineer
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Take ownership of the roadmap for detection and response, making key decisions regarding platform architecture and build-versus-buy strategies, and defending those choices.
• Develop and enhance the security observability platform, managing the security telemetry layer across various environments including infrastructure, identity, endpoint, SaaS, and AI-native systems. Collaborate with the Data Platform team on the SIEM and data lake foundation to ensure scalability and query capabilities.
• Implement AI agents that not only summarize but actively operate, handling triage, correlation, enrichment, and autonomous actions on lower-criticality events with high confidence. Work alongside AI platform teams to establish safety patterns that ensure reliable autonomous actions.
• Create detection and response capabilities centered around AI. Design workflows that enable AI to generate, test, and refine detection content, rather than merely executing it. Develop case management and response orchestration systems that facilitate movement from signal to resolution with minimal human involvement.
• Promote ongoing validation of detection effectiveness by executing a measurement program focused on precision, false positive rates, and signal quality. Design agentic tuning workflows to highlight underperforming detections and diminish noise without requiring human intervention in every loop.
• Manage incident response comprehensively, including the severity matrix, communication frequency, defined roles, escalation procedures, and a measurement program to assess improvement. Lead post-incident reviews that drive measurable changes, and participate in the on-call rotation to handle high-severity incidents.
• Integrate detection and response into the design phase rather than treating it as an afterthought. Collaborate with Security Engineering, GRC, IT, Engineering, Legal, and Privacy teams to guarantee comprehensive observability and response coverage during system launches.
• Lead, mentor, and advocate for the team. Elevate the technical standards through code reviews, design critiques, and direct coaching, while also representing Life360 and the team externally when appropriate.
• Over 8 years of practical experience in security operations or detection engineering, with a proven record of building resilient systems in production rather than merely providing advisory services.
• Direct experience in creating AI-powered security workflows that are operational. Familiarity with automated triage, AI-driven alert correlation, and agentic investigation, integrated into a functioning operations stack. Ability to articulate the successes and failures of AI implementations and how outcomes were measured.
• Extensive experience with AWS services such as CloudTrail, IAM, GuardDuty, and native logging, along with the capability to investigate cloud incidents from start to finish. Proficient in crafting detection queries and rules in the language of your SIEM.
• An identity-focused mindset, recognizing that identity constitutes the perimeter. Investigating Okta, SSO, OAuth, and session-based attacks is second nature to you.
• Comprehensive ownership of the architecture and deployment of a detection platform from start to finish, having made foundational decisions and refined them through practical experience.
• Developed a detection pipeline quality framework, focusing on precision measurement, false positive tuning, and continuous improvement processes. Capable of presenting metrics that demonstrate program enhancements.
• Designed and initiated incident response processes from the ground up, including severity matrices, escalation paths, and associated measurement programs.
• Proficient in writing production-grade code; able to read, write, and deploy it effectively while leveraging AI coding tools for increased efficiency. Emphasis on reliability, maintainability, observability, and production readiness.
• A purple team mindset with hands-on experience in threat hunting. Well-versed in offensive techniques to build detections, having conducted hunts that yielded meaningful findings, as well as having dealt with incidents involving insider threats.
• Strong technical communication skills that allow for clear translation of detection and response requirements into specifications for engineering teams, briefing executives on incidents, and authoring post-incident reviews that facilitate organizational change.
• Bachelor’s degree or equivalent qualification.
• Comprehensive medical, dental, vision, life, and disability insurance plans fully covered for employees.
• 401(k) plan with company matching contribution.
• Mental Wellness Program and Employee Assistance Program (EAP) to support mental health.
• Flexible paid time off (PTO) along with 13 company-wide holidays throughout the year.
• Company-wide shutdowns for one week during both Winter and Summer.
• Opportunities for Learning and Development.
• Provision of equipment, tools, and reimbursement support to create a productive remote work environment.
• Complimentary Life360 Platinum Membership for your chosen circle.
• Complimentary Tile Products.