• Responsible for the day-to-day security operations of one or more information systems • Maintaining the system’s Authorization to Operate (ATO) under the DoD Risk Management Framework (RMF) • Serve as the primary point of contact for the ISSM, the Authorizing Official’s representative, and the engineering team on all matters of system security • Develop and maintain the full body of RMF artifacts—System Security Plan (SSP), Security Assessment Plan (SAP), Plan of Action and Milestones (POA&M), Continuous Monitoring strategy, Privacy Impact Assessment, and Contingency Plan • Shepherd packages through eMASS or equivalent • Track vulnerabilities, IAVMs, and STIG compliance; manage POA&M closure; coordinate audits and assessments; review system changes for security impact • Translate policy (NIST 800-53, CNSSI 1253, DoDI 8500.01, 8510.01) into clear engineering guidance • Proactively solve unusual and/or complex problems with little or no direction given • Operate effectively in a fast-paced technical environment supporting senior military leadership • Partner closely with the Cybersecurity Engineer, the engineering team, and government stakeholders to keep the system secure, compliant, and operational

• Design, implement, and harden security controls across cloud, on-premises, and hybrid environments • Partner with engineering, data, and operations teams to bake security into the build • Lead vulnerability management, conduct security architecture reviews, configure and tune security tooling (SIEM, EDR, IDS/IPS, vulnerability scanners), and respond to incidents end-to-end • Produce and maintain artifacts required for Authorization to Operate (ATO) under the DoD Risk Management Framework (RMF) • Translate NIST 800-53, DISA STIGs, and CNSSI guidance into practical engineering decisions • Work directly with the ISSO and ISSM to keep the system’s security posture defensible and auditable • Proactively solve unusual and/or complex problems with little, or no direction given • Thrive in a fast-paced technical environment that prioritizes mission impact and speed

• Secure how Life360 accesses frontier models. Design, build, and iterate the access controls, policy enforcement, and authorization patterns that govern how systems interact with the frontier models they rely on. • Build secure patterns for MCP access and tool use authorization. Build and own the controls that vets, risk-tier, and govern how we integrate with external tools and services via MCP as adoption expands across engineering teams. • Design and build the identity and authorization model for autonomous agents: service identities, scoped credentials, and least-privilege access patterns. Define and enforce the trust boundaries that govern how agents interact across orchestration chains. • Design and build agentic observability and adversarial defenses. Build the telemetry pipelines and behavioral monitoring that provide visibility into AI system behavior. Implement architecture-level defenses against prompt injection and related adversarial attack classes. • Shape security for the common AI end-user platform. Lead design reviews, build access controls, data boundary enforcement, and abuse detection that keep a shared AI environment safe across users with different privilege levels. • Secure the shared knowledge layer. Define access control and data governance for retrieval augmented and reasoning systems, ensuring AI-powered tools don't surface sensitive data to the wrong systems or users. • Build AI supply chain integrity into the platform. Develop model provenance practices, service vetting, and dependency controls that keep the AI stack trustworthy as it grows. • Partner with Privacy, Legal, and Data Platform to ensure the right controls are built into pipelines handling real-time location, family relationship data, and data involving minors.

• Own the security strategy for frontier model access and MCP governance. Define how we securely connect to frontier models and external tool integrations: the risk framework, the authorization architecture, and the escalation model before those patterns harden at scale. Set the direction that builders implement within • Architect the identity and trust model for non-human agents. Define how agents authenticate, how trust is established and revoked across orchestration chains, and how the model evolves as agent capabilities expand, covering service identities, scoped credentials, and least-privilege access patterns across the platform. • Set the adversarial defense posture for AI systems in production. Define our approach to prompt injection defense, adversarial input handling, and behavioral monitoring patterns and establish the detection philosophy, telemetry requirements, and response framework the team builds and operates within. • Shape security architecture for the common AI end-user platform. Lead design reviews and build the access controls, data boundary enforcement, and abuse detection that keep a shared AI environment safe across an employee population with varying privilege levels. • Secure the shared knowledge layer. Define access control and data governance for retrieval and reasoning, ensuring AI-powered tools don't inadvertently surface sensitive data to the wrong systems or users. • Build AI supply chain integrity into the platform. Develop model provenance practices, service vetting, and dependency controls that keep the AI stack trustworthy as it grows. • Partner with Privacy, Legal, and Data Platform to ensure the right controls are built into pipelines handling real-time location, family relationship data, and data involving minors.