SupabaseSupabase

Security Operations Engineer

3w ago
Junior
SupabaseSupabase

Security Operations Engineer

3w ago
Juniorguarddutyfrontmfa

Entry-level Security Operations Engineer role to provide 24-hour security alert triage, customer security ticket handling, and support internal IT operations.

About the company

  • Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.
  • 280+ team members
  • 55+ countries
  • 20+ languages spoken
  • $500M raised
  • 500,000+ community members
  • We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.

Responsibilities

  • We’re looking for a Security Operations Engineer to join our Product Security team and help provide front-line coverage for security alerts, customer security tickets, and internal IT requests as Supabase continues to scale.
  • This is an entry-level role designed for someone with strong judgment, curiosity, and clear communication. You’ll be one of three Security Operations Engineers working in a follow-the-sun rotation across New Zealand/Australia, Sri Lanka, and US Eastern, helping Supabase maintain effective 24-hour coverage for security-relevant work. You’ll triage alerts, handle customer security requests, support internal IT operations, improve runbooks, and escalate clearly to the right teams when issues need deeper investigation.

Nice to have

  • Familiarity with Postgres, AWS, or developer tools ecosystems.
  • Experience with Front, Linear, Notion, Okta, Google Workspace, Kandji, Jamf, Vanta, or similar tools.
  • Open-source contributions, CTF participation, bug bounty experience, or a personal project that shows security curiosity.
  • Experience improving support, SOC, trust and safety, fraud, or IT workflows, or basic scripting and automation experience.

Conditions

  • Fully Remote We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.
  • ESOP Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.
  • Tech Allowance Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.
  • Health Benefits Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.
  • Annual Off-Sites Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.
  • Flexible Work We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.
  • Professional Development Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.

How to apply

  • We keep things simple, async-friendly, and respectful of your time:
  • Apply – Our team will review your application.
  • Intro Call – A short video chat to get to know each other.
  • Interviews – Up to four calls with: Team Leads
  • Future teammates
  • Someone cross-functional from product, growth, or engineering (depending on the role)
  • Someone from our leadership/founding team
  • Decision – We may follow up with a final question or go straight to offer.
  • All communication is remote and we aim to move fast.

Other

  • Supabase is the Postgres development platform, built by developers for developers. We provide a complete backend solution including Database, Auth, Storage, Edge Functions, Realtime, and Vector Search. All services are deeply integrated and designed for growth.
  • In this role, you’ll:
  • First Response & Triage: Act as the first responder for security alerts from GuardDuty, dependency advisories, and other detection sources. Assess severity and escalate to the right lead across Platform, Product, Anti-Abuse, or Security.
  • Customer Security Operations: Own customer security tickets in Front, including account recovery, MFA reset, GitHub-linked account loss, billing-based ownership verification, and org ownership disputes.
  • Incident Response Support: Participate in the on-call pager rotation alongside other Security Operations Engineers and use documented playbooks to make consistent decisions.
  • Process Improvement: Maintain and improve runbooks, decision trees, Front macros, and escalation paths. Identify patterns in tickets and alerts to flag opportunities for automation or workflow improvements.
  • Internal IT Support & Compliance: Triage internal IT requests (access provisioning, SSO/Okta issues, device questions, MDM enrollment) and help maintain access records, joiner-mover-leaver hygiene, and compliance audit trails.
  • Communication: Communicate clearly with customers, engineers, and internal stakeholders during sensitive or time-critical issues.
  • Have prior experience in technical support, IT helpdesk, junior SOC analysis, trust and safety, fraud operations, or a similar triage-heavy environment.
  • Have a foundational understanding of security concepts like MFA, JWTs, identity verification, account recovery, and access control.
  • Have a foundational understanding of IT systems like SSO, identity providers, Google Workspace, Okta, and MDM tools like Kandji, Jamf, or similar.
  • Are comfortable with a terminal, basic SQL, and reading simple scripts or macros (you do not need to be a developer).
  • Can summarize a messy ticket or noisy alert in two sentences that explain what matters and what should happen next.
  • Have strong customer-facing judgment and can stay calm, precise, and firm when handling sensitive access or account issues.
  • Enjoy turning ambiguous workflows into clear checklists, runbooks, macros, and repeatable systems.
  • Are comfortable working async across time zones and writing things down by default.