Life360 is hiring a Detection Content Lead to own and scale our security content operations. You will start by focusing on kernel drivers, file analysis, and certificate management, balancing hands-on technical work with building the team and processes needed for long-term scaling.
What You'll Do
- Drive security content decisions for kernel drivers, file classifications, and certificate validations with direct, hands-on analysis.
- Build and optimize content validation pipelines that balance automation with appropriate human oversight.
- Establish quality assurance processes to maintain high accuracy while meeting rapid response requirements.
- Design content workflows that can scale from individual contributor work to team-based operations.
- Start as an individual contributor and build a team of 2-5 people within 12 months.
- Collaborate with adjacent security teams to leverage existing expertise during ramp-up.
- Establish training programs and operational playbooks for content specializations.
- Evaluate and redesign existing processes where improvements can drive efficiency.
- Design and implement content management workflows across multiple security content types.
- Build monitoring and alerting systems for content performance and false positive detection.
- Create escalation procedures for high-risk content decisions and incident response.
- Establish metrics and SLAs for content delivery and quality standards.
What We're Looking For
- 5-10 years in cybersecurity operations, threat analysis, or security product development.
- Deep expertise in at least 2-3 of: kernel driver analysis and Windows system internals; file analysis/malware classification and static/dynamic analysis techniques; digital certificates and certificate validation workflows; network intelligence/IP reputation/DNS-based threat detection; behavioral detection and signature development.
- Experience designing and implementing technical workflows and automation.
- Strong understanding of ransomware TTPs and defensive countermeasures.
- Proven ability to make rapid technical decisions while maintaining quality standards.
- Experience building or scaling technical teams from the ground up.
Nice to Have
- Previous experience in anti-malware, EDR, or endpoint security products.
- Experience with threat intelligence platforms like MISP or ThreatConnect.
- Knowledge of SOAR platforms and security orchestration.
- Published research or tools in file analysis or threat detection.
- Relevant certifications such as CISSP, GCIH, GCFA, or SANS.
Technical Stack
- Kernel driver analysis
- Windows system internals
- File analysis
- Malware classification
- Static/dynamic analysis
- Digital certificates
- Certificate validation workflows
- Network intelligence
- IP reputation
- DNS-based threat detection
- Behavioral detection
- Signature development
- Threat intelligence platforms (MISP, ThreatConnect)
- SOAR platforms
Team & Environment
This is a player-coach role where you will start as an individual contributor tasked with building a team of 2-5 people within the first year.
Benefits & Compensation
- Salary range: $220k-$250k plus a generous equity offering.
- Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.
- 401k plan with a generous employer contribution.
- Short and long-term disability coverage, basic life, and AD&D insurance plans.
- Medical and dependent care FSA options.
- Flexible PTO policy.
- Parental leave.
Work Mode
This is a remote position open to candidates based in the United States.
We take great pride in being an equal opportunity employer.
