# Anti Abuse Engineer

**Company:** [Supabase](https://hotfix.jobs/companies/supabase)
**Location:** Remote
**Role:** Security Engineering
**Experience:** 3+ years
**Skills:** SQL, Python, Detection Engineering, Incident Response, SIEM, Threat Intelligence, Postgres, Postgrest, Splunk, Datadog
**Posted:** 2026-06-18

> Build and operate abuse detection and response systems at scale for Supabase's multi-tenant platform. Triage signals, lead incidents, tune detection logic, and automate remediation using SQL and Python.

## Job Description

## What You’ll Own

### Abuse Detection & Signal Triage
- Monitor inbound abuse signals across platform telemetry, HackerOne reports, support queues, and internal alerting pipelines
- Triage abuse cases end-to-end, assessing severity and blast radius, classifying actor types, and routing to the correct response track
- Own the abuse case queue with clear SLAs to ensure no active threats age out without a definitive decision
- Identify complex patterns across distinct cases that point toward coordinated campaigns or emerging attack techniques

### Incident Response & Remediation
- Lead response efforts for active abuse incidents, coordinating closely with Platform and Infrastructure teams to execute containment actions and drive remediation to closure
- Write clear, timely communications to affected users and internal stakeholders throughout the lifecycle of an incident
- Conduct thorough post-incident reviews, feeding findings back into detection rules, runbooks, and platform controls
- Maintain and improve incident runbooks to ensure response execution is consistent, scalable, and reproducible across time zones

### Detection Engineering & Automation
- Build and tune detection logic against platform telemetry and Supabase-native data sources, including Postgres query patterns, Edge Function invocations, auth anomalies, and storage abuse
- Automate repetitive triage and response actions to aggressively reduce manual toil, increase response speed, and improve consistency
- Contribute to the Anti-Abuse Platform architecture, optimizing the blocklist schema, the remediation action ladder (L1–L4), and enforcement pipelines
- Instrument metrics for detection coverage and alert fidelity, closely tracking false positive rates, detection latency, and remediation time

### Tooling & Platform Improvement
- Maintain and improve the abuse operations toolchain, including case management systems, escalation workflows, and engineering reporting dashboards
- Partner with Core Engineering to design and implement platform-layer controls that eliminate abuse vectors by design rather than by reactive response
- Support Supabase for Platforms (SfP) customers by operationalizing the centralized Anti-Abuse platform for enterprise-grade use cases

## Requirements
- 3+ years of experience in a security operations, trust & safety, or abuse-focused engineering role at a cloud-native product or platform company
- Hands-on experience with detection logic, including writing rules, tuning thresholds, and reducing noise in high-volume, highly complex signal environments
- Proven ability to run incident response end-to-end (triage, containment, communication, and postmortems)
- Proficient in SQL and a scripting language (Python heavily preferred) for log analysis, pattern detection, and building automation workflows
- Deep familiarity with abuse actor techniques, such as credential stuffing, account takeover (ATO), compute abuse, exfiltration, and spam/phishing infrastructure
- Thrive operating async-first in a globally distributed team — write clearly, default to explicit documentation, and close loops without needing reminders

## Nice to Have
- Experience with Postgres, PostgREST, or Supabase platform internals
- Prior work building, scaling, or operating a multi-tenant abuse detection or trust & safety platform
- Familiarity with threat intelligence feeds and IOC enrichment pipelines
- Exposure to modern SIEM tooling (Scanner.dev, Splunk, Datadog, or similar)
- Experience triaging and managing HackerOne or Bugcrowd reports at volume
- Working knowledge of SOC 2, ISO 27001, or similar compliance frameworks

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/efdd1a0d-3096-4270-b012-213c177b6e68
**Canonical:** https://hotfix.jobs/jobs/efdd1a0d-3096-4270-b012-213c177b6e68