Skip to content
SupabaseSupabaseUnited States

Product Security Engineer

Product Security Engineer strengthening security across Supabase's products, platform, and engineering workflows through threat modeling, code review, and scalable guardrails. Requires strong application security experience and comfort working async in a developer-first environment.

Salary not listed
RemoteSecurity Engineering

About the role

Responsibilities

  • Identify and close gaps across application security, secure design review, and vulnerability management
  • Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths
  • Partner closely with engineering teams to provide product-focused security expertise and shape a modern security program
  • Mature how security is integrated in a developer-first environment, balancing pragmatism with strong technical judgment
  • Distinguish between theoretical risk and material business risk to prioritize security efforts effectively
  • Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails
  • Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues
  • Participate in security on-call rotations, helping respond to urgent security events
  • Help manage and mature bug bounty and vulnerability disclosure processes, including triage, validation, prioritization, and coordination with engineering teams

Requirements

  • Strong experience in product security, application security, or security engineering
  • Experience working with cloud-native, developer tools, SaaS, platform, or infrastructure products
  • Clear communication skills across both technical and non-technical audiences, especially in written, asynchronous environments
  • Deep understanding of application security fundamentals, including auth, session management, APIs, and secrets handling
  • Experience with vulnerability triage, bug bounty programs, responsible disclosure, or security incident response
  • Comfortable participating in potential security on-call rotation and balancing urgency, risk, and practical remediation

Nice-to-Haves

  • Experience with or interest in Postgres, Kubernetes, or building security guardrails that enable rather than enforce

Skills

Application SecurityThreat ModelingSecure Code ReviewVulnerability ManagementBug Bounty ProgramsSecurity Incident ResponseAuth & Session ManagementApi SecurityKubernetesPostgres
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering