Product Security Engineer

Supabase

Completely Remote | Full Time | Engineering & Architecture
Posted Today

Job description

Responsibilities

  • Identify and close gaps across application security, secure design review, and vulnerability management
  • Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths
  • Partner with engineering teams to provide product-focused security expertise and shape a modern security program
  • Improve security posture through scalable mechanisms like tooling, automation, and developer-friendly guardrails
  • Support security incident response by helping triage, investigate, and coordinate remediation for product and platform issues
  • Manage and mature bug bounty and vulnerability disclosure processes, including triage and validation

Requirements

  • Strong experience in product security, application security, or security engineering
  • Deep understanding of application security fundamentals, including auth, session management, APIs, and secrets handling
  • Experience with cloud-native, developer tools, SaaS, platform, or infrastructure products
  • Experience with vulnerability triage, bug bounty programs, or security incident response
  • Ability to communicate clearly in a written, asynchronous environment
  • Comfort participating in a security on-call rotation

Preferred Qualifications

  • Experience with Postgres or Kubernetes
  • Experience building security guardrails that enable rather than enforce developer velocity

Benefits

  • Fully remote work with a WeWork membership or co-working allowance
  • Equity ownership (ESOP) for every team member
  • Tech allowance for your ideal work environment
  • 100% covered health insurance for employees and 80% for dependents
  • Annual company-wide off-sites
  • Flexible work and asynchronous operations
  • Annual professional development and education allowance

About the Company

Supabase is a remote-first, open-source company building tools that developers love. With a globally distributed team of over 280 members across 55+ countries, we move fast, build in public, and support the open-source ecosystem.

Skills & tools

Application Security, PostgreSQL, Kubernetes

What the team is looking for

Use this list as a quick fit check before you apply.

  1. Experience in product or application security
  2. Knowledge of cloud-native and SaaS products
  3. Understanding of auth, session management, and APIs
  4. Experience with vulnerability triage or bug bounty programs
  5. Experience with Postgres or Kubernetes