supabase - Product Manager - Security & Trust (EMEA/AMER)

• Set the security agenda for the platform. Lead Supabase's platform security roadmap end-to-end, from the defaults that protect a developer prototyping their first project to the advanced controls a Fortune 500 CISO needs before approving us. • Hold the line between security and developer experience. Every security feature trades protection against friction. A control that's too strict pushes developers off the platform; one that's too easy to bypass doesn't protect anyone. • Lead our security strategy for AI agents. Agents now read, write, and deploy on behalf of developers and companies, often at machine speed. You'll lead how Supabase authenticates, scopes, and audits agent activity so customers can give them real capability while staying in control of their data. • Own our security product surface. Drive the roadmap for the security tooling customers use to operate safely on Supabase: firewall, security advisors, audit logs, Supabase Vault, just-in-time database access, and the IAM primitives that let regulated customers get to "yes" with their security team. • Define the unified access model across Supabase. Roles, permissions, personal access tokens, OAuth integrations, organization and project modeling, SSO, and SCIM are foundational to how customers manage who can do what. You'll set the strategy that ties them together and drive the cross-cutting RFCs from proposal to shipped code. • Drive the compliance roadmap. Supabase already runs a strong compliance program with SOC2 and HIPAA in place. Your job is to define what comes next so more regulated companies can adopt us. • Be the customer's voice for security. Talk to enterprise prospects, regulated customers, and the security teams behind them. Translate what you hear into a roadmap that earns trust at every customer size, from the indie hacker prototyping their first project to the Fortune 500 CISO evaluating us for their most regulated workloads. • Ship the docs that go with the code. Make the security guides https://supabase.com/docs/guides/security on supabase.com http://supabase.com the best in the category: clear, opinionated, and trustworthy enough that a developer evaluating us comes away convinced. • YOU MIGHT BE A GOOD FIT IF YOU • Have 7+ years in product management, with serious time on security, identity and access, infrastructure, or developer platform products at a company where security mattered to enterprise buyers. • Have deep working knowledge of the security primitives our customers use like authentication, authorization (RBAC, RLS), audit logging, secrets management, OAuth. • Have a track record of leading cross-functional initiatives across Product, Engineering, Security, GTM, and Compliance, and driving multi-team RFCs from proposal to shipped code. • Are 100% comfortable in a remote, async, write-it-down culture. • Are an exceptional writer. You can draft a customer-facing security disclosure, an internal threat model, a docs page, or a one-pager for a CISO without losing voice or precision.