Anti Abuse Engineer

What You’ll Own

Abuse Detection & Signal Triage

• Monitor inbound abuse signals across platform telemetry, HackerOne reports, support queues, and internal alerting pipelines
• Triage abuse cases end-to-end, assessing severity and blast radius, classifying actor types, and routing to the correct response track
• Own the abuse case queue with clear SLAs to ensure no active threats age out without a definitive decision
• Identify complex patterns across distinct cases that point toward coordinated campaigns or emerging attack techniques

Incident Response & Remediation

• Lead response efforts for active abuse incidents, coordinating closely with Platform and Infrastructure teams to execute containment actions and drive remediation to closure
• Write clear, timely communications to affected users and internal stakeholders throughout the lifecycle of an incident
• Conduct thorough post-incident reviews, feeding findings back into detection rules, runbooks, and platform controls
• Maintain and improve incident runbooks to ensure response execution is consistent, scalable, and reproducible across time zones

Detection Engineering & Automation

• Build and tune detection logic against platform telemetry and Supabase-native data sources, including Postgres query patterns, Edge Function invocations, auth anomalies, and storage abuse
• Automate repetitive triage and response actions to aggressively reduce manual toil, increase response speed, and improve consistency
• Contribute to the Anti-Abuse Platform architecture, optimizing the blocklist schema, the remediation action ladder (L1–L4), and enforcement pipelines
• Instrument metrics for detection coverage and alert fidelity, closely tracking false positive rates, detection latency, and remediation time

Tooling & Platform Improvement

• Maintain and improve the abuse operations toolchain, including case management systems, escalation workflows, and engineering reporting dashboards
• Partner with Core Engineering to design and implement platform-layer controls that eliminate abuse vectors by design rather than by reactive response
• Support Supabase for Platforms (SfP) customers by operationalizing the centralized Anti-Abuse platform for enterprise-grade use cases

Requirements

• 3+ years of experience in a security operations, trust & safety, or abuse-focused engineering role at a cloud-native product or platform company
• Hands-on experience with detection logic, including writing rules, tuning thresholds, and reducing noise in high-volume, highly complex signal environments
• Proven ability to run incident response end-to-end (triage, containment, communication, and postmortems)
• Proficient in SQL and a scripting language (Python heavily preferred) for log analysis, pattern detection, and building automation workflows
• Deep familiarity with abuse actor techniques, such as credential stuffing, account takeover (ATO), compute abuse, exfiltration, and spam/phishing infrastructure
• Thrive operating async-first in a globally distributed team — write clearly, default to explicit documentation, and close loops without needing reminders

Nice to Have

• Experience with Postgres, PostgREST, or Supabase platform internals
• Prior work building, scaling, or operating a multi-tenant abuse detection or trust & safety platform
• Familiarity with threat intelligence feeds and IOC enrichment pipelines
• Exposure to modern SIEM tooling (Scanner.dev, Splunk, Datadog, or similar)
• Experience triaging and managing HackerOne or Bugcrowd reports at volume
• Working knowledge of SOC 2, ISO 27001, or similar compliance frameworks