Logo for Supabase

Product Security Engineer

Role overview

Qualifications

  • Strong experience in product security, application security, or security engineering.
  • Comfortable working with cloud-native, developer tools, SaaS, platform, or infrastructure products.
  • Deep understanding of application security fundamentals, including auth, session management, APIs, and secrets handling.
  • Experience with vulnerability triage, bug bounty programs, or security incident response.

Responsibilities

  • Identify and close gaps across application security, secure design review, and vulnerability management.
  • Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths.
  • Partner closely with engineering teams to provide product-focused security expertise.
  • Improve security posture through scalable mechanisms like tooling, automation, and developer-friendly guardrails.

About the company

Supabase logo

Supabase

Company details

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

About the Role

We’re looking for a Product Security Engineer to join our team and help strengthen how security is built into Supabase’s products, platform, and engineering workflows as we continue to scale. You’ll work closely with software engineers, infrastructure teams, and technical leadership, helping us proactively reduce risk earlier in the development lifecycle and ship securely by default.

This role is ideal for someone who thrives in async, fast-paced environments and is excited about building developer tools that scale to millions. Success in this role means improving the security posture of the product without becoming a blocker to speed, autonomy, or builder velocity.

What You’ll Be Responsible for

In this role, you’ll:

  • Identify and close gaps across application security, secure design review, and vulnerability management.

  • Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths.

  • Partner closely with engineering teams to provide product-focused security expertise and shape a modern security program.

  • Mature how we think about security in a developer-first environment, balancing pragmatism with strong technical judgment.

  • Distinguish between theoretical risk and material business risk to prioritize security efforts effectively.

  • Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails.

  • Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues.

  • Participate in security on-call rotations, helping respond to urgent security events with clear judgment and calm execution.

  • Help manage and mature our bug bounty and vulnerability disclosure processes, including triage, validation, prioritization, and coordination with engineering teams.

You Might Be a Good Fit If You

  • Have strong experience in product security, application security, or security engineering.

  • Are comfortable working with cloud-native, developer tools, SaaS, platform, or infrastructure products.

  • Communicate clearly across both technical and non-technical audiences, especially in a written, asynchronous environment.

  • Are energized by solving real-world problems for developers and navigating ambiguity while moving quickly.

  • Possess a deep understanding of application security fundamentals, including auth, session management, APIs, and secrets handling.

  • Have experience with vulnerability triage, bug bounty programs, responsible disclosure, or security incident response.

  • Are comfortable participating in potential security on-call rotation and can balance urgency, risk, and practical remediation.

  • Have experience with or interest in Postgres, Kubernetes, or building security guardrails that enable rather than enforce.

What We Offer

  • Fully Remote

    We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.

  • ESOP

    Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.

  • Tech Allowance

    Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.

  • Health Benefits

    Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.

  • Annual Off-Sites

    Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.

  • Flexible Work

    We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.

  • Professional Development

    Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.

About the Team

Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.

  • 280+ team members

  • 55+ countries

  • 20+ languages spoken

  • $500M raised

  • 500,000+ community members

We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.

Hiring Process

We keep things simple, async-friendly, and respectful of your time:

  1. Apply – Our team will review your application.

  2. Intro Call – A short video chat to get to know each other.

  3. Interviews – Up to four calls with:

    • Team Leads

    • Future teammates

    • Someone cross-functional from product, growth, or engineering (depending on the role)

    • Someone from our leadership/founding team

  4. Decision – We may follow up with a final question or go straight to offer.

All communication is remote and we aim to move fast.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Engineer Related jobs

Other jobs at Supabase

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.