Staff Security Operations Engineer

All positions, unless otherwise specified, can be performed remotely (within the US)
Full-Time
Staff
Salary: 149,000 - 271,500 USD per year

Job Details

Experience
8+ years
Required Skills
AWS, OAuth

Requirements

  • 8+ years of hands-on security operations or detection engineering experience with a track record of building things that hold up in production — not just advising on them.
  • Hands-on experience building AI-powered security workflows in production. Automated triage, AI-driven alert correlation, agentic investigation, integrated into a real operations stack.
  • Deep AWS experience — CloudTrail, IAM, GuardDuty, native logging — and the ability to investigate cloud incidents end-to-end. Comfortable writing detection queries and rules in whatever language your SIEM speaks.
  • Identity-centric thinking. You know that identity is the perimeter. Investigating Okta, SSO, OAuth, and session-based attacks is in your muscle memory.
  • Owned the architecture and deployment of a detection platform end-to-end. You've made the structural decisions, lived with them in production, and refined them over time.
  • Built a detection pipeline quality framework — precision measurement, false positive tuning, and continuous improvement processes.
  • Designed and implemented incident response processes from scratch — severity matrices, escalation paths, and the measurement program around them.
  • Production-grade code. You can read, write, and ship it — and you use AI coding tools to operate with leverage.
  • A purple team orientation and hands-on hunting experience. You understand offensive techniques well enough to build detections against them, you've run hunts that produced real findings, and you've worked cases where the threat actor was inside the perimeter.
  • Strong technical communication. You can translate detection and response requirements into clear specs for engineering teams, brief executives on incidents, and write post-incident reviews that drive change.
  • Bachelor’s degree or equivalent

Responsibilities

  • Own the roadmap for detection and response. The platform decisions, the architecture decisions, the build-versus-buy calls — you make them, and you defend them.
  • Build and mature the security observability platform. Own the security telemetry layer across infrastructure, identity, endpoint, SaaS, and AI-native systems. Partner with Data Platform on the SIEM and data lake foundation that makes all of it queryable and scalable.
  • Deploy AI agents that operate, not summarize. Agents handle triage, correlation, enrichment, and autonomous action on lower-criticality events where confidence is high, then extend into anomaly detection and threat hunting.
  • Build detection and response capabilities with AI at the center. Design workflows where AI creates, tests, and improves detection content — not just executes it.
  • Drive continuous validation of detection effectiveness. Run the measurement program — precision, false positive rates, signal quality — and design agentic tuning workflows that surface underperforming detections and reduce noise without a human in every loop.
  • Own incident response end-to-end. Severity matrix, communication cadence, roles, escalation paths, executable playbooks, and the measurement program that tells us whether we're improving. Drive post-incident reviews that produce measurable change. Participate in the on-call rotation and lead response for high-severity events.
  • Make detection and response a design-time concern, not an afterthought. Partner with Security Engineering, GRC, IT, Engineering, Legal, and Privacy to ensure observability and response coverage is part of how systems are launched.
  • Lead, develop, and represent. Raise the technical bar through code review, design review, and direct coaching. Represent Life360 and the team externally where appropriate.