This job is no longer available

Added: 7 days ago
Type: Full time
Salary: Not Specified


Supabase is the Postgres development platform, built by developers for developers. We provide a complete backend solution including Database, Auth, Storage, Edge Functions, Realtime, and Vector Search. All services are deeply integrated and designed for growth.

Safeguarding that data is core to our mission. We’re hiring a Product Security Engineer to secure our cloud platform, reviewing product security and working with teams to create innovative security solutions that set the industry standard and ensure every product at Supabase stays secure by default.

What You'll Own:

  • Bridge and support security triage

    • Own HackerOne bug-bounty reports, product support tickets, and internal security requests.

      • Quickly assess severity and business impact, create actionable steps for resolution, and route them to the relevant product teams.

      • Work with product teams to validate security fixes and prevent regressions.

    • Work with Security Operations to respond to incoming threats and understand how they pertain to the Supabase product.

    • Assist product teams in keeping all product dependencies up to date.

  • Assist incident response & follow-through

    • Extension of the above bridging role between Security and Product.

      • Work with Security Operations on investigation, remediation, and post-mortem activities for security events related to Supabase products.

      • Track SLAs, chase blockers, and close the loop with reporters - ensuring clear, timely communication throughout.

  • Manage and improve secure development and keep our security signals healthy

    • Help oversee, extend and maintain our secure development pipelines and training.

      • Ensure code analysis systems and workflows remain effective, actionable, and low-noise.

      • Create and extend code scanning rules or new tools.

      • Tune alert rules, improve duplicate/false-positive handling, and feed lessons learned back into detections and playbooks.

      • Maintain and refine runbooks, workflows, and metrics dashboards for continuous improvement.

    • Triage and follow up on code scanning alerts with Engineering and Infrastructure teams where needed.

    • Perform continuous in-house security reviews of products and new features.

    • Work with external pentesters.

  • Manage compliance & assurance initiatives

    • Understand our compliance responsibilities, namely SOC 2 and HIPAA audits.

    • Partner with the Product, Security Engineering and Compliance teams to add meaningful compliance controls to our customer facing products.

    • Add customer value by ensuring products are secure and compliant by default, shifting burden from customers and improving our shared responsibility model.

  • Champion security culture

    • Create, review and contribute to product RFCs.

    • Respond to ad-hoc security questions from engineers, sales, and support.

    • Contribute to internal training, FAQs, and knowledge-base articles to raise the overall security IQ of the company.

What You Bring:

  • 5+ years in a Product Security team, preferably for a cloud-native product company.

  • Comfortable with bug-bounty platforms (HackerOne, Bugcrowd), compliance tooling (Vanta, Drata), ticketing/CRM systems (HubSpot, Jira), Burp Suite, and code analysis tooling (Snyk, CodeQL, Semgrep).

  • You enjoy turning chaos into checklists, measuring progress, and nudging tasks over the finish line.

  • Ability to translate security jargon into developer-friendly action items and customer-friendly updates.

  • Working knowledge of SOC 2, HIPAA, ISO 27001, or related standards.

  • You write things down, default to transparency, and can triage effectively across time zones.

What We Offer

  • Fully Remote

    We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.

  • ESOP

    Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.

  • Tech Allowance

    Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.

  • Health Benefits

    Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.

  • Annual Off-Sites

    Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.

  • Flexible Work

    We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.

  • Professional Development

    Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.

About the Team

Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.

  • 120+ team members

  • 35+ countries

  • 15+ languages spoken

  • $396M raised

  • 350,000+ community members

  • 20,000+ memes posted (and counting)

We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.

Hiring Process

We keep things simple, async-friendly, and respectful of your time:

  1. Apply – Our team will review your application.

  2. Intro Call – A short video chat to get to know each other.

  3. Interviews – Up to four calls with:

    • Founders

    • Future teammates

    • Someone cross-functional from product, growth, or engineering (depending on the role)

  4. Decision – We may follow up with a final question or go straight to offer.

All communication is remote and we aim to move fast.
