Supabase - Product Security Engineer
Responsibilities
• Identify and close gaps across application security, secure design review, and vulnerability management.
• Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths.
• Partner closely with engineering teams to provide product-focused security expertise and shape a modern security program.
• Mature how we think about security in a developer-first environment, balancing pragmatism with strong technical judgment.
• Distinguish between theoretical risk and material business risk to prioritize security efforts effectively.
• Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails.
• Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues.
• Participate in security on-call rotations, helping respond to urgent security events with clear judgment and calm execution.
• Help manage and mature our bug bounty and vulnerability disclosure processes, including triage, validation, prioritization, and coordination with engineering teams.
You might be a good fit if you
• Have strong experience in product security, application security, or security engineering.
• Are comfortable working with cloud-native, developer tools, SaaS, platform, or infrastructure products.
• Communicate clearly across both technical and non-technical audiences, especially in a written, asynchronous environment.
• Are energized by solving real-world problems for developers and navigating ambiguity while moving quickly.
• Possess a deep understanding of application security fundamentals, including auth, session management, APIs, and secrets handling.
• Have experience with vulnerability triage, bug bounty programs, responsible disclosure, or security incident response.
• Are comfortable participating in potential security on-call rotation and can balance urgency, risk, and practical remediation.
• Have experience with or interest in Postgres, Kubernetes, or building security guardrails that enable rather than enforce.
Benefits
• We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.
• Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.
• Tech Allowance: Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.
• Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.
• Annual Off-Sites: Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.
• Flexible Work: We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.
• Professional Development: Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.