Product Security Engineer

Job not on LinkedIn

🕒 May 27

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Supabase

WebsiteLinkedInAll Job Openings

51 - 200 employees

Founded 2020

☁️ SaaS

🔌 API

🤖 Artificial Intelligence

💰 $80M Series B on 2022-05

SaaS • API • Artificial Intelligence

Supabase is an open source alternative to Firebase, providing a range of backend tools designed to help developers start and scale their applications effectively. It offers features such as a full Postgres database, authentication with Row Level Security, instant APIs, Edge Functions for custom code, real-time data synchronization, and storage for large files. Developers can integrate machine learning models, utilize RESTful APIs, and take advantage of platform-integrated best of breed products. Supabase is designed to be highly portable, extendable, and user-friendly, making it a powerful choice for startups and enterprises looking to innovate quickly and efficiently.

📋 Description

• Identify and close gaps across application security, secure design review, and vulnerability management. • Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths. • Partner closely with engineering teams to provide product-focused security expertise and shape a modern security program. • Mature how we think about security in a developer-first environment, balancing pragmatism with strong technical judgment. • Distinguish between theoretical risk and material business risk to prioritize security efforts effectively. • Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails. • Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues. • Participate in security on-call rotations, helping respond to urgent security events with clear judgment and calm execution. • Help manage and mature our bug bounty and vulnerability disclosure processes, including triage, validation, prioritization, and coordination with engineering teams.

🎯 Requirements

• Have strong experience in product security, application security, or security engineering. • Are comfortable working with cloud-native, developer tools, SaaS, platform, or infrastructure products. • Communicate clearly across both technical and non-technical audiences, especially in a written, asynchronous environment. • Are energized by solving real-world problems for developers and navigating ambiguity while moving quickly. • Possess a deep understanding of application security fundamentals, including auth, session management, APIs, and secrets handling. • Have experience with vulnerability triage, bug bounty programs, responsible disclosure, or security incident response. • Are comfortable participating in potential security on-call rotation and can balance urgency, risk, and practical remediation. • Have experience with or interest in Postgres, Kubernetes, or building security guardrails that enable rather than enforce.

🏖️ Benefits

• Fully Remote • ESOP • Tech Allowance • Health Benefits • Annual Off-Sites • Flexible Work • Professional Development