Security Operations Engineer

Supabase is an open-source, fully remote company building developer tools for Postgres—and now running 3 million+ managed database instances in production. Safeguarding that data is core to our mission.

We’re hiring a Security Operations Engineer to be the frontline guardian of our cloud platform, turning raw alerts into resolved issues and ensuring every team at Supabase stays secure by default.

You will:
- Own inbound security triage- Monitor and sort HackerOne bug-bounty reports, Vanta compliance alerts, HubSpot support tickets, and internal security requests.- Quickly assess severity and business impact, file actionable tickets, and route them to the relevant product teams.- Manage and improve security tooling- Oversee and maintain our Mobile Device Management system (Jamf), EDR and other security related tooling- Triage and follow up on IDS alerts, coordinating with Engineering and Infrastructure teams where needed.- Ensure alerting systems and workflows remain effective, actionable, and low-noise.- Drive incident response & follow-through- Coordinate investigation, remediation, and post-mortem activities for security events.- Track SLAs, chase blockers, and close the loop with reporters - ensuring clear, timely communication throughout.- Keep our security signals healthy- Tune alert rules, improve duplicate/false-positive handling, and feed lessons learned back into detections and playbooks.- Maintain and refine runbooks, workflows, and metrics dashboards for continuous improvement.- Support compliance & assurance initiatives- Collect evidence from resolved findings for SOC 2 and HIPAA audits.- Partner with the Security Engineering and Compliance teams to turn operational gaps into long-term control improvements.- Champion security culture- Respond to ad-hoc security questions from engineers, sales, and support.- Contribute to internal training, FAQs, and knowledge-base articles to raise the overall security IQ of the company.

You are - Experienced in security operations. 3 + years in a Security Operations Center, CERT, or similar on-call/triage environment for a cloud-native product company.- Tool-savvy. Comfortable with bug-bounty platforms (HackerOne, Bugcrowd), compliance tooling (Vanta, Drata), ticketing/CRM systems (HubSpot, Jira), and at least one log/SIEM stack.- Process-oriented & relentless at follow-up. You enjoy turning chaos into checklists, measuring progress, and nudging tasks over the finish line.- Clear and empathetic communicator. Able to translate security jargon into developer-friendly action items and customer-friendly updates.- Familiar with common frameworks. Working knowledge of SOC 2, HIPAA, ISO 27001, or related standards.- Comfortable in an async-first, globally distributed team. You write things down, default to transparency, and can triage effectively across time zones.
- Nice to have: hands-on scripting for automation, experience with threat-intel feeds, prior work in a high-volume bug-bounty program._

We offer:
- 100% remote work from anywhere in the world. No location-based adjustment to your salary.- Autonomous work. We work collaboratively on projects, but you set your own pace.- Health, Vision and Dental benefits. Supabase covers 100% of the cost for employees and 80% for dependants- Generous Tech Allowance for any office setup you need- Annual Education Allowance- Annually run off-sites.

About the team- We're a startup. It's unstructured.- Collectively founded more than 30 startups.- Globally distributed team with more than 30 different nationalities.- We deeply believe in the efficacy of collaborative open source. We support existing communities and tools, rather than building "yet another xx".- We "dogfood" everything. If you use it in your project, we use it in Supabase.

Process- If you pass the screen you will be invited to up to four follow-up interviews.- The calls:
- usually take between 20-45 minutes each depending on the interviewer.- most of the time, are all 1:1.- will be with the founders, a member of either the growth or engineering team (depending on the role) and usually one other person from your immediate team or function.- go directly to making an offer.

Location

Remote

Employment Type

Full time

Location Type

Remote

Department

Engineering