Senior Product Security Engineer in London

Life360’s mission is to keep people close to the ones they love. Our category‑leading mobile app, Tile tracking devices, and Pet GPS tracker empower members to protect the people, pets, and things they care about most with a range of services, including location sharing, safe driver reports, and crash detection with emergency dispatch. Life360 serves approximately 95.8 million monthly active users (MAU), as of December 31, 2025, across more than 180 countries. Life360 delivers peace of mind and enhances everyday family life with seamless coordination for all the moments that matter, big and small.

Life360 is a Remote‑First company, which means a remote work environment will be the primary experience for all employees. All positions, unless otherwise specified, can be performed remotely (within the US) regardless of any specified location above.

About The Team: The Information Security and Technology team is responsible for keeping Life360 safe – our systems, our employees, and the tens of millions of families who trust us with their location data. We are builders. Security controls that don't get used aren't controls. Compliance programs that create friction without reducing risk aren't programs. We build things that work in production, earn adoption from engineering teams, and get better over time – and we use AI to do it at a scale a traditional team couldn't.

About the Job: Product Security at Life360 sits at the intersection of a consumer platform trusted by nearly 100 million families and an engineering organization moving fast into AI‑native development. This role is engaged across product and platform teams as a security partner, not a gate. You'll conduct design reviews, build secure defaults, drive vulnerability management, and help shape how we ship safely across mobile, backend, data pipelines, and an expanding surface of AI‑powered features.

What You’ll Do:

• Conduct security architecture reviews across mobile (iOS/Android), backend (Java, Python, PHP), data pipelines, and third‑party integrations.
• Translate threat models and security requirements into pragmatic guidance engineers can act on.
• Build trusted relationships with product and platform engineering teams.
• Further operationalize and tune ASPM tooling (Cycode) to unify SAST, SCA, secret scanning, and container security into actionable signal, not noise.
• Build security‑as‑code patterns and pre‑approved libraries that make the secure path the default path.
• Automate vulnerability triage, deduplication, and routing so the team spends time on judgment, not toil.
• Drive SLA‑based remediation workflows with clear severity definitions, ownership, and escalation paths.
• Build metrics that translate security posture into language engineering leadership and executives can use.
• Partner on design reviews for AI‑powered features: model access controls, data boundary enforcement, and retrieval system authorization.
• Contribute to securing agent workflows, MCP integrations, and shared AI tooling as adoption scales across engineering.
• Work with Privacy, Legal, and Data Platform on controls for sensitive data: real‑time location, family relationships, and data involving minors.

What We’re Looking For:

• 5+ years in application security, product security, or DevSecOps with a track record of shipping controls that earn adoption, not just approval.
• Hands‑on builder. You define secure patterns, write code, and deliver tooling that holds up in production.
• Experience conducting threat models and security architecture reviews across mobile (iOS/Android), cloud (AWS/GCP), and backend services (Java, Python, PHP).
• Practical experience securing AI/ML systems.
• Working knowledge of ASPM platforms and security tooling: SAST, SCA, secret scanning, container scanning.
• Familiarity with CI/CD security integration.
• Solid grounding in secure development practices: OWASP Top 10, OWASP LLM Top 10, secure‑by‑design principles, and practical remediation guidance.
• Comfort with ambiguity.
• Strong cross‑functional communication.

Nice to Have:

• Experience with multi‑agent orchestration frameworks and their identity and authorization challenges.
• Background in consumer technology or privacy‑sensitive domains.
• Experience securing location‑based services or products involving data from minors.
• CISSP, OSCP, GWAPT, or similar certifications.
• Contributions to open‑source security tools, public research, or conference speaking.

Life360 Values: Our company’s mission‑driven culture is guided by our shared values to create a trusted work environment where you can bring your authentic self to work and make a positive difference.

Our Commitment to Diversity: We believe that different ideas, perspectives and backgrounds create a stronger and more creative work environment that delivers better results. Together, we continue to build an inclusive culture that encourages, supports, and celebrates the diverse voices of our employees.