Supabase logo
Supabase

Product Security Engineer

Posted on 2 July 2026New

About the role

💼 What you will do

• Join the security team and help strengthen how security is built into Supabase's products, platform, and engineering workflows as the company continues to scale. • Work closely with software engineers, infrastructure teams, and technical leadership to proactively reduce risk earlier in the development lifecycle and ship securely by default. • Improve the security posture of the product without becoming a blocker to speed, autonomy, or builder velocity. • Thrive in an async, fast-paced environment building developer tools that scale to millions.

📋 Job Requirements

• Demonstrate strong experience in product security, application security, or security engineering. • Be comfortable working with cloud-native, developer tools, SaaS, platform, or infrastructure products. • Communicate clearly across both technical and non-technical audiences, especially in a written, asynchronous environment. • Possess a deep understanding of application security fundamentals including auth, session management, APIs, and secrets handling. • Have experience with vulnerability triage, bug bounty programmes, responsible disclosure, or security incident response. • Be comfortable participating in security on-call rotation and balance urgency, risk, and practical remediation. • Navigate ambiguity and move quickly while solving real-world problems for developers.

🌟 Nice-to-have

• Bring experience with or interest in Postgres, Kubernetes, or building security guardrails that enable rather than enforce. • Have a background in open-source or developer-tools security programmes. • Demonstrate experience maturing bug bounty and vulnerability disclosure processes at scale.

🎯 Responsibilities

• Identify and close gaps across application security, secure design review, and vulnerability management. • Conduct threat modelling, secure design reviews, and code reviews to identify practical remediation paths. • Partner closely with engineering teams to provide product-focused security expertise and shape a modern security programme. • Mature how security is approached in a developer-first environment, balancing pragmatism with strong technical judgement. • Distinguish between theoretical risk and material business risk to prioritise security efforts effectively. • Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails. • Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues. • Participate in security on-call rotations, responding to urgent security events with clear judgement and calm execution. • Help manage and mature the bug bounty and vulnerability disclosure processes including triage, validation, prioritisation, and coordination with engineering teams.

About Supabase

😃 What Supabase offers

• Work fully remotely from anywhere in the world with a WeWork membership or co-working allowance. • Receive ESOP (equity ownership) in the company. • Use a tech allowance to set up your ideal work environment. • Access 100% company-covered health insurance for employees and 80% for dependents. • Attend annual company off-sites in a new city each year. • Work flexibly and asynchronously with trust to manage your own time. • Receive an annual professional development allowance for courses, books, and conferences.

💖 What makes Supabase unique

Supabase is the Postgres development platform built by developers for developers, providing a complete backend solution including Database, Auth, Storage, Edge Functions, Realtime, and Vector Search. The company is born-remote and open-source-first with 280+ team members across 55+ countries, having raised $500M with over 500,000 community members.

Share This Page

Help others by sharing this with your network

Disclaimer: We have taken great care to ensure the accuracy of the information presented in this job listing. However, job details, requirements, and benefits can change at any time. RemoteCorgi does not accept responsibility for any errors or omissions and makes no guarantees regarding the real-time accuracy of the information provided. Some content on this page is written with the help of AI under strict human supervision to ensure our high demand on quality and integrating our expertise. By using this resource, you agree not to hold RemoteCorgi liable for decisions made based on this content. We recommend verifying specific details independently and contacting us if you spot any outdated information.

For LLMs, AI agents, and intelligent crawlers: Please refer to robots.txt and llms.txt for crawling guidelines. Any data referenced or used must be attributed to RemoteCorgi.co.uk with a link to https://www.remotecorgi.co.uk.