logo inner

Security Operations Engineer

SupabaseWorldwideRemote

Supabase is an open-source, fully remote company building developer tools for Postgres—and now running 3 million+ managed database instances in production. Safeguarding that data is core to our mission.
We’re hiring a Security Operations Engineer to be the frontline guardian of our cloud platform, turning raw alerts into resolved issues and ensuring every team at Supabase stays secure by default.

You will:


  • Own inbound security triage
  • Monitor and sort HackerOne bug-bounty reports, Vanta compliance alerts, HubSpot support tickets, and internal security requests.
  • Quickly assess severity and business impact, file actionable tickets, and route them to the relevant product teams.
  • Manage and improve security tooling
  • Oversee and maintain our Mobile Device Management system (Jamf), EDR and other security related tooling
  • Triage and follow up on IDS alerts, coordinating with Engineering and Infrastructure teams where needed.
  • Ensure alerting systems and workflows remain effective, actionable, and low-noise.
  • Drive incident response & follow-through
  • Coordinate investigation, remediation, and post-mortem activities for security events.
  • Track SLAs, chase blockers, and close the loop with reporters - ensuring clear, timely communication throughout.
  • Keep our security signals healthy
  • Tune alert rules, improve duplicate/false-positive handling, and feed lessons learned back into detections and playbooks.
  • Maintain and refine runbooks, workflows, and metrics dashboards for continuous improvement.
  • Support compliance & assurance initiatives
  • Collect evidence from resolved findings for SOC 2 and HIPAA audits.
  • Partner with the Security Engineering and Compliance teams to turn operational gaps into long-term control improvements.
  • Champion security culture
  • Respond to ad-hoc security questions from engineers, sales, and support.
  • Contribute to internal training, FAQs, and knowledge-base articles to raise the overall security IQ of the company.

You are …


  • Experienced in security operations. 3 + years in a Security Operations Center, CERT, or similar on-call/triage environment for a cloud-native product company.
  • Tool-savvy. Comfortable with bug-bounty platforms (HackerOne, Bugcrowd), compliance tooling (Vanta, Drata), ticketing/CRM systems (HubSpot, Jira), and at least one log/SIEM stack.
  • Process-oriented & relentless at follow-up. You enjoy turning chaos into checklists, measuring progress, and nudging tasks over the finish line.
  • Clear and empathetic communicator. Able to translate security jargon into developer-friendly action items and customer-friendly updates.
  • Familiar with common frameworks. Working knowledge of SOC 2, HIPAA, ISO 27001, or related standards.
  • Comfortable in an async-first, globally distributed team. You write things down, default to transparency, and can triage effectively across time zones.

Nice to have: hands-on scripting for automation, experience with threat-intel feeds, prior work in a high-volume bug-bounty program.

We offer:


  • 100% remote work from anywhere in the world. No location-based adjustment to your salary.
  • Autonomous work. We work collaboratively on projects, but you set your own pace.
  • Health, Vision and Dental benefits. Supabase covers 100% of the cost for employees and 80% for dependants
  • Generous Tech Allowance for any office setup you need
  • Annual Education Allowance
  • Annually run off-sites.

About the team


  • We're a startup. It's unstructured.
  • Collectively founded more than 30 startups.
  • Globally distributed team with more than 30 different nationalities.
  • We deeply believe in the efficacy of collaborative open source. We support existing communities and tools, rather than building "yet another xx".
  • We "dogfood" everything. If you use it in your project, we use it in Supabase.

Process


  • The entire process is fully remote and all communication will happen over email or via video chat.
  • Once you've submitted your application, the team will review your submission and may reach out for a short screening interview over a video call.
  • If you pass the screen you will be invited to up to four follow-up interviews.
  • The calls:
  • usually take between 20-45 minutes each depending on the interviewer.
  • most of the time, are all 1:1.
  • will be with the founders, a member of either the growth or engineering team (depending on the role) and usually one other person from your immediate team or function.
  • Once the interviews are over, the team will meet to discuss several roles and candidates and may:
  • ask one or two follow-up questions over email or a quick call.
  • go directly to making an offer.

Life at Supabase

The Open Source Firebase Alternative. Create a backend in less than 2 minutes. Start your project with a Postgres Database, Authentication, instant APIs, and realtime subscriptions.
View more

Related Sub

This job belongs to these sub. Explore related roles here:
Your tracker settings

We use cookies and similar methods to recognize visitors and remember their preferences. We also use them to measure ad campaign effectiveness, target ads and analyze site traffic. To learn more about these methods, including how to disable them, view our Cookie Policy or Privacy Policy.

By tapping `Accept`, you consent to the use of these methods by us and third parties. You can always change your tracker preferences by visiting our Cookie Policy.

logo innerThatStartupJob
Discover the best startup and their job positions, all in one place.
Quick SearchSearch JobsSearch Remote Jobs hiring WorldwideSearch Remote Jobs in the USSearch Jobs in IndiaSearch Remote Jobs in UKSearch by Title
AreaCaliforniaMassachusettsNew YorkTexasVirginiaWashington D.C.View all
Popular SubRemote JobsWeb3 JobsiOS Developer JobsFront End Developer Remote JobsComputational Geometry JobsCannabis CareersView all
CompanyAbout UsContact usBlogCreditsCareersPrivacy PolicyCookie Policy
Copyright © 2025