# Product Security Engineer

**Company:** [Supabase](https://hotfix.jobs/companies/supabase)
**Location:** Remote
**Role:** Security Engineering
**Skills:** Application Security, Threat Modeling, Secure Code Review, Vulnerability Management, Bug Bounty Programs, Security Incident Response, Auth & Session Management, Api Security, Kubernetes, Postgres
**Posted:** 2026-05-27

> Product Security Engineer strengthening security across Supabase's products, platform, and engineering workflows through threat modeling, code review, and scalable guardrails. Requires strong application security experience and comfort working async in a developer-first environment.

## Job Description

## Responsibilities
- Identify and close gaps across application security, secure design review, and vulnerability management
- Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths
- Partner closely with engineering teams to provide product-focused security expertise and shape a modern security program
- Mature how security is integrated in a developer-first environment, balancing pragmatism with strong technical judgment
- Distinguish between theoretical risk and material business risk to prioritize security efforts effectively
- Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails
- Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues
- Participate in security on-call rotations, helping respond to urgent security events
- Help manage and mature bug bounty and vulnerability disclosure processes, including triage, validation, prioritization, and coordination with engineering teams

## Requirements
- Strong experience in product security, application security, or security engineering
- Experience working with cloud-native, developer tools, SaaS, platform, or infrastructure products
- Clear communication skills across both technical and non-technical audiences, especially in written, asynchronous environments
- Deep understanding of application security fundamentals, including auth, session management, APIs, and secrets handling
- Experience with vulnerability triage, bug bounty programs, responsible disclosure, or security incident response
- Comfortable participating in potential security on-call rotation and balancing urgency, risk, and practical remediation

## Nice-to-Haves
- Experience with or interest in Postgres, Kubernetes, or building security guardrails that enable rather than enforce

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/c8c1ba6f-2092-4ef4-b84c-45079641fabd
**Canonical:** https://hotfix.jobs/jobs/c8c1ba6f-2092-4ef4-b84c-45079641fabd