Product Security Engineer
Supabase is the open source Firebase alternative. We're building the features of Firebase using enterprise-grade open source tools. We are a remote-first company, backed by top investors, and trusted by over 350,000 developers.
Data security is paramount to our mission. We are seeking a talented and passionate Product Security Engineer to help secure our cloud platform. In this role, you will be responsible for reviewing product security, collaborating with product teams, and developing innovative security solutions that raise the bar for the entire industry. Your primary focus will be ensuring every product at Supabase is secure by default.
What You'll Do
Security Triage & Support: Be the first responder for security-related reports from our HackerOne bug bounty program, product support tickets, and internal requests.
Rapidly assess severity and business impact, create actionable remediation plans, and route issues to the appropriate product teams.
Partner with product teams to validate security fixes and prevent regressions.
Collaborate with Security Operations to analyze incoming threats and assess their impact on Supabase products.
Help product teams keep product dependencies updated.
Incident Response & Follow-Through: Extend the bridge between Security and Product teams during security incidents.
Work with Security Operations on investigation, remediation, and post-mortem activities for security events related to Supabase products.
Track SLAs, address blockers, and maintain clear, timely communication with reporters throughout the resolution process.
Secure Development & Security Signals: Manage and improve our secure development practices and maintain the health of our security signals.
Oversee, extend, and maintain our secure development pipelines and training programs.
Ensure code analysis systems and workflows remain effective, actionable, and low-noise.
Create and extend code scanning rules or develop new security tools.
Tune alert rules, improve duplicate/false-positive handling, and incorporate lessons learned into detections and playbooks.
Maintain and refine runbooks, workflows, and metrics dashboards for continuous improvement.
Triage and follow up on code scanning alerts with Engineering and Infrastructure teams.
Conduct continuous in-house security reviews of products and new features.
Collaborate with external penetration testers.
Compliance & Assurance: Manage compliance and assurance initiatives to meet industry standards.
Understand our compliance responsibilities, particularly regarding SOC 2 and HIPAA audits.
Partner with Product, Security Engineering, and Compliance teams to integrate meaningful compliance controls into our customer-facing products.
Enhance customer value by ensuring products are secure and compliant by default, shifting the burden from customers and strengthening our shared responsibility model.
Champion Security Culture: Foster a strong security culture within Supabase.
Create, review, and contribute to product RFCs.
Address ad-hoc security questions from engineers, sales, and support teams.
Contribute to internal training, FAQs, and knowledge-base articles to improve the company's overall security awareness.
What You'll Bring
Experience: 5+ years of experience in a Product Security team, preferably for a cloud-native product company.
Tools: Proficiency with bug bounty platforms (HackerOne, Bugcrowd), compliance tooling (Vanta, Drata), ticketing/CRM systems (HubSpot, Jira), Burp Suite, and code analysis tooling (Snyk, CodeQL, Semgrep).
Process-Oriented: A knack for transforming chaos into organized checklists, measuring progress, and driving tasks to completion.
Communication: Excellent communication skills, with the ability to translate security jargon into developer-friendly action items and customer-friendly updates.
Frameworks: Solid understanding of common security frameworks like SOC 2, HIPAA, ISO 27001, or related standards.
Remote Work: Comfort working in an async-first, globally distributed team; excellent at documenting processes, transparent communication, and effective triage across time zones.
Benefits
Fully Remote: Work from anywhere in the world. We provide a WeWork membership or co-working allowance.
Equity: Every team member receives ESOP (equity ownership) in the company.
Tech Allowance: Budget to set up your ideal work environment.
Health Benefits: Supabase covers 100% of health insurance for employees and 80% for dependents.
Annual Off-Sites: Company-wide gatherings in a new city each year.
Flexible Work: Asynchronous work environment with flexible hours.
Professional Development: Annual education allowance for courses, books, and conferences.
About the Team
Supabase was born remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.
120+ team members
35+ countries
15+ languages spoken
$396M raised
350,000+ community members
20,000+ memes posted (and counting)
We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.
Hiring Process
We keep things simple, async-friendly, and respectful of your time:
Apply – Our team will review your application.
Intro Call – A short video chat to get to know each other.
Interviews – Up to four calls with:
Founders
Future teammates
Someone cross-functional from product, growth, or engineering (depending on the role)
Decision – We may follow up with a final question or go straight to offer.
All communication is remote and we aim to move fast.