Supabase

Product Security Engineer

Remote

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Cloud Computing, Software Development, Database

Requirements

Candidates should have at least 5 years of experience in a Product Security team, preferably for a cloud-native product company. They must be tool-savvy, comfortable with bug-bounty platforms like HackerOne and compliance tooling such as Vanta or Drata, and proficient with ticketing systems like Jira and code analysis tools like Snyk or Semgrep. Familiarity with common frameworks such as SOC 2, HIPAA, or ISO 27001 is required, along with strong communication skills and experience working in an async-first, globally distributed team.

Responsibilities

The Product Security Engineer will be responsible for bridging and supporting security triage, owning HackerOne bug-bounty reports and internal security requests, and assessing severity and business impact. They will work with product teams to validate security fixes, assist with threat response, and help keep product dependencies up to date. This role also involves managing and improving secure development pipelines, overseeing code analysis systems, triaging code scanning alerts, and performing continuous in-house security reviews. Additionally, the engineer will manage compliance and assurance initiatives, partner on adding compliance controls to customer-facing products, and champion security culture by contributing to RFCs, responding to security questions, and creating training materials.

Skills

Product Security
Security Triage
HackerOne
Bug Bounty
Security Operations
Incident Response
Secure Development
Code Analysis
Vulnerability Management
Cloud Security
Postgres

Supabase

Open-source backend service for developers

About Supabase

Supabase provides an open-source backend as a service (BaaS) platform that helps developers and businesses create scalable applications more easily. It offers real-time databases, authentication, and storage solutions, all designed to integrate smoothly into existing workflows. This means developers can focus on building their applications without needing to spend a lot of time on backend development. Supabase operates on a freemium model, where users can access basic services for free, while advanced features are available through paid subscriptions. This approach allows it to cater to various user needs. What sets Supabase apart from its competitors is its open-source nature, which allows users to customize the platform and benefit from community-driven enhancements. The company aims to provide a reliable and efficient solution for developers, ensuring high uptime for applications that are critical to their users.

Headquarters: Singapore, Singapore
Year Founded: 2020
Total Funding: $190.8M
Company Stage: Series C
Industries: Consumer Software, Enterprise Software
Employees: 51-200

Benefits

Remote work from anywhere
Autonomous work
Health, vision & dental benefits
Generous tech allowance
Annual education allowance
Annual run off-sites

Risks

Increased competition from other open-source BaaS platforms like Appwrite and Nhost.
Potential security vulnerabilities in open-source projects if not regularly updated.
Freemium model may challenge conversion of free users to paid subscribers.

Differentiation

Supabase offers a real-time database with self-documenting APIs for PostgreSQL.
The platform is open-source, allowing for community-driven improvements and customization.
Supabase provides a comprehensive suite of tools for scalable application development.

Upsides

Supabase raised $80M in Series C, totaling $196M in funding.
Growing demand for open-source solutions boosts Supabase's market potential.
Increased interest in real-time data processing aligns with Supabase's capabilities.
