Security Engineer

  • Supabase
  • Remote
  • 30 Apr, 2024

Job Description

Join Supabase

Supabase is an Open Source and fully remote company building developer tools for databases.

We are seeking an experienced Security Developer to manage the security of our hosted cloud offering. We currently manage over 1M Postgres instances and are growing fast. We are custodians of user data; securing their data is fundamental in ensuring users trust us.

You will

  • Help secure the Supabase Cloud offering.
  • Constantly improve the baseline security of the product suite by evaluating it from a security-centric perspective and making this part of our software development lifecycle.
  • Investigate, triage and mitigate attacks on our platform
  • Improve our SOC2 and HIPAA offering by improving our product features like network restrictions, audit logs, etc.
  • Work with our auditor on our annual SOC2 and HIPAA audits.
  • Collaborate with external penetration testers and engage in ethical hacking to identify vulnerabilities in our system, while conducting regular security audits.
  • Oversee our Mobile Device Management (MDM) and manage endpoint security operations.
  • Implement and maintain our bug bounty program.

You are

  • Passionate about cybersecurity with a keen interest in breaking systems.
  • 5+ years working in the security domain
  • Knowledge of regulatory compliance requirements like SOC2, HIPAA and ISO 27001
  • Experience in configuration, troubleshooting, and maintenance of the security infrastructure of a fast-growing company
  • Experience with application penetration testing is a plus

We offer:

  • 100% remote work from anywhere in the world. No location-based adjustment to your salary.
  • ESOP (equity ownership in the company)
  • Autonomous work. We work collaboratively on projects, but you set your own pace.
  • Health, Vision and Dental benefits. Supabase covers 100% of the cost for employees and 80% for dependents
  • Tech Allowance for any office setup you need 
  • Annual Education Allowance ($1000)
  • Annually run off-sites.


Supabase adds auth, realtime, and RESTful APIs to Postgres without a single line of code.

Each project within Supabase is an isolated Postgres cluster, allowing customers to scale independently, while still providing the features that you need to build: instant database setup, auth, row level security, realtime data streams, auto-generating APIs, and a simple to use web interface.

We are a fully remote company.

Key Tech: JavaScript, TypeScript, Go, Elixir, PostgREST (Haskell), Postgres, Pulumi.

About the team

  • We're a startup. It's unstructured.
  • Collectively founded more than a dozen venture-backed companies.
  • More than 10 different nationalities.
  • We deeply believe in the efficacy of collaborative open source. We support existing communities and tools, rather than building "yet another xx".
  • We "dogfood" everything. If you use it in your project, we use it in Supabase.


  • The entire process is fully remote and all communication will happen over email or via video chat.
  • Once you've submitted your application, the team will review your submission, and may reach out for a short screening interview over video call.
  • If you pass the screen you will be invited to up to four follow up interviews. The calls:
    • usually take between 20-45 minutes each depending on the interviewer.
    • are all 1:1.
    • will be with both founders, a member of either the growth or engineering team (depending on the role), and usually one other person from your immediate team or function.
  • Once the interviews are over, the team will meet to discuss several roles and candidates and may:
    • ask one or two follow-up questions over email or a quick call.
    • go directly to making an offer.