SupabaseSupabase

IT Systems Administrator

3w ago
Remote
SupabaseSupabase

IT Systems Administrator

3w ago
Remoteoktaidmmdmssomfa

Managing identity and endpoint systems including Okta and MDM tools with a focus on automation and security.

About the company

  • Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.
  • 280+ team members
  • 55+ countries
  • 20+ languages spoken
  • $500M raised
  • 500,000+ community members
  • We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.

Responsibilities

  • You will work directly with our IDM/MDM Lead to own the day-to-day operations of our identity and endpoint stack — Okta, Slack, Iru (MDM), and the integrations that tie them together. This role is equal parts identity management and endpoint operations, with a strong expectation that you automate what you repeat and document what you automate.
  • This role provides follow-the-sun IT and identity coverage alongside our IDM/MDM Lead on the West Coast. Fully remote, with a strong preference for candidates based in EST or APAC.

Requirements

  • 2–4 years in a corporate IT, IT operations, or identity administration role at a cloud-native or SaaS company.
  • Hands-on Okta administration experience: SSO, MFA, lifecycle management, and group/policy configuration.
  • Experience with a modern MDM platform (Kandji/Iru, Jamf, or equivalent) managing a macOS-first fleet.
  • Working knowledge of JML processes — you understand why a 24-hour offboarding window is a security risk, not just an IT inconvenience.
  • Comfortable with scripting or automation (Bash, Python, or similar) to reduce manual toil.
  • Async-first communicator: you document decisions, write clear runbooks, and don’t let tasks die in DMs.

Nice to have

  • Experience with FIDO2/WebAuthn deployment or hardware security key programs (YubiKey 5 series).
  • Familiarity with Slack enterprise grid administration including app governance and Connect channel management.
  • Exposure to SOC 2 or ISO 27001 evidence collection for identity and endpoint controls.
  • Experience managing IT operations across APAC and Americas time zones simultaneously.
  • Familiarity with Google Workspace admin, including directory sync and group-based provisioning.
  • Prior work in a security-adjacent IT role where identity hygiene and access control were first-class concerns.

Conditions

  • Fully Remote We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.
  • ESOP Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.
  • Tech Allowance Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.
  • Health Benefits Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.
  • Annual Off-Sites Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.
  • Flexible Work We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.
  • Professional Development Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.

How to apply

  • We keep things simple, async-friendly, and respectful of your time:
  • Apply – Our team will review your application.
  • Intro Call – A short video chat to get to know each other.
  • Interviews – Up to four calls with: Team Leads
  • Future teammates
  • Someone cross-functional from product, growth, or engineering (depending on the role)
  • Someone from our leadership/founding team
  • Decision – We may follow up with a final question or go straight to offer.
  • All communication is remote and we aim to move fast.

Other

  • Supabase is an open source Firebase alternative. We give developers a Postgres database, authentication, instant APIs, edge functions, and real-time subscriptions — all in one platform. We are building the infrastructure layer for the next generation of applications.
  • Corporate IT at Supabase reports into the Security organization. Identity and endpoint hygiene are treated as security controls, not administrative overhead. You will work with a small, senior team with direct access to engineering leadership and a mandate to automate everything.
  • Administer Okta day-to-day: user provisioning, group management, SSO application configuration, and MFA policy enforcement.
  • Own joiner-mover-leaver (JML) workflows — ensure access is granted on day one, adjusted on role change, and fully revoked on departure with no manual gaps.
  • Maintain and improve Okta lifecycle automation, reducing manual provisioning toil and closing the window between HR events and access changes.
  • Audit access regularly: identify stale accounts, over-provisioned roles, and orphaned app assignments before they become incidents.
  • Support FIDO2/WebAuthn and YubiKey deployment for privileged access across the organization.
  • Administer Iru (formerly Kandji) MDM for macOS fleet: device enrollment, configuration profiles, compliance baselines, and policy enforcement.
  • Ensure all managed endpoints meet security baselines — disk encryption, screen lock, patch cadence, and EDR agent deployment.
  • Support onboarding hardware logistics: device procurement, enrollment, and first-day readiness across global time zones.
  • Identify and track unmanaged or out-of-compliance devices; drive remediation and escalate persistent non-compliance.
  • Maintain MDM configuration as code where possible — changes should be reviewable, versioned, and reversible.
  • Administer Slack workspace: channel governance, app integration reviews, guest access management, and enterprise grid operations.
  • Manage the corporate SaaS portfolio — own app provisioning, license tracking, and access reviews for tools like Google Workspace, Zoom, Notion, and others.
  • Review and approve new SaaS integration requests against security and data handling standards before deployment.
  • Maintain an accurate inventory of corporate applications, their owners, access scope, and data classification.
  • Identify repetitive IT tasks and eliminate them through automation — scripting, workflow tooling, or Okta lifecycle rules.
  • Write and maintain runbooks for all core IT operations so coverage is consistent across time zones and not dependent on any single person.
  • Contribute to IT metrics: onboarding time-to-access, offboarding completion rate, MDM compliance percentage, and access review cadence.
  • Partner with the Security Engineering team to close gaps surfaced by compliance audits (SOC 2, ISO 27001) that touch identity and endpoint controls.
  • A ticket-taker who waits for requests. We expect you to proactively find and close gaps — stale accounts, unmanaged devices, ungoverned app integrations.
  • Someone who treats IT and security as separate disciplines. Every identity and endpoint decision here is a security decision.
  • A process follower who can’t write automation. If you’re doing the same task manually for the third time, that’s a bug.