ProductSecurityEngineer

ABOUT THE ROLE We’re looking for a Product Security Engineer to join our team and help strengthen how security is built into Supabase’s products, platform, and engineering workflows as we continue to scale. You’ll work closely with software engineers, infrastructure teams, and technical leadership, helping us proactively reduce risk earlier in the development lifecycle and ship securely by default. This role is ideal for someone who thrives in async, fast-paced environments and is excited about building developer tools that scale to millions. Success in this role means improving the security posture of the product without becoming a blocker to speed, autonomy, or builder velocity. WHAT YOU’LL BE RESPONSIBLE FOR In this role, you’ll: - Identify and close gaps across application security, secure design review, and vulnerability management. - Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths. - Partner closely with engineering teams to provide product-focused security expertise and shape a modern security program. - Mature how we think about security in a developer-first environment, balancing pragmatism with strong technical judgment. - Distinguish between theoretical risk and material business risk to prioritize security efforts effectively. - Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails. - Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues. - Participate in security on-call rotations, helping respond to urgent security events with clear judgment and calm execution. - Help manage and mature our bug bounty and vulnerability disclosure processes, including triage, validation, prioritization, and coordination with engineering teams. YOU MIGHT BE A GOOD FIT IF YOU - Have strong experience in product security, application security, or security engineer