Supabase is an open-source-first company focused on building tools for developers. They are seeking a Product Security Engineer to enhance the security of their products and engineering workflows, collaborating closely with software engineers and infrastructure teams to proactively reduce risk and improve security posture.
Responsibilities:
- Identify and close gaps across application security, secure design review, and vulnerability management
- Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths
- Partner closely with engineering teams to provide product-focused security expertise and shape a modern security program
- Mature how we think about security in a developer-first environment, balancing pragmatism with strong technical judgment
- Distinguish between theoretical risk and material business risk to prioritize security efforts effectively
- Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails
- Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues
- Participate in security on-call rotations, helping respond to urgent security events with clear judgment and calm execution
- Help manage and mature our bug bounty and vulnerability disclosure processes, including triage, validation, prioritization, and coordination with engineering teams
Requirements:
- Strong experience in product security, application security, or security engineering
- Comfort working with cloud-native products, developer tools, SaaS, platform, or infrastructure products
- Clear communication across both technical and non-technical audiences, especially in a written, asynchronous environment
- Energy for solving real-world problems for developers and navigating ambiguity while moving quickly
- A deep understanding of application security fundamentals, including auth, session management, APIs, and secrets handling
- Experience with vulnerability triage, bug bounty programs, responsible disclosure, or security incident response
- Comfort participating in a potential security on-call rotation, balancing urgency, risk, and practical remediation
- Experience with or interest in Postgres, Kubernetes, or building security guardrails that enable rather than enforce