Security Operations Engineer

Supabase
Remote work
Regular employment
3 - 15 years of experience
Full Time
Remote - Worldwide
Responsibilities
Supabase is an open-source, fully remote company building developer tools for Postgres—and now running 3 million+ managed database instances in production. Safeguarding that data is core to our mission.
We’re hiring a Security Operations Engineer to be the frontline guardian of our cloud platform, turning raw alerts into resolved issues and ensuring every team at Supabase stays secure by default.
You will:
Own inbound security triage
Monitor and sort HackerOne bug-bounty reports, Vanta compliance alerts, HubSpot support tickets, and internal security requests.
Quickly assess severity and business impact, file actionable tickets, and route them to the relevant product teams.
Manage and improve security tooling
Oversee and maintain our Mobile Device Management system (Jamf), EDR, and other security-related tooling.
Triage and follow up on IDS alerts, coordinating with Engineering and Infrastructure teams where needed.
Ensure alerting systems and workflows remain effective, actionable, and low-noise.
Drive incident response & follow-through
Coordinate investigation, remediation, and post-mortem activities for security events.
Track SLAs, chase blockers, and close the loop with reporters - ensuring clear, timely communication throughout.
Keep our security signals healthy
Tune alert rules, improve duplicate/false-positive handling, and feed lessons learned back into detections and playbooks.
Maintain and refine runbooks, workflows, and metrics dashboards for continuous improvement.
Support compliance & assurance initiatives
Collect evidence from resolved findings for SOC 2 and HIPAA audits.
Partner with the Security Engineering and Compliance teams to turn operational gaps into long-term control improvements.
Champion security culture
Respond to ad-hoc security questions from engineers, sales, and support.
Contribute to internal training, FAQs, and knowledge-base articles to raise the overall security IQ of the company.
You are …
Experienced in security operations. 3+ years in a Security Operations Center, CERT, or similar on-call/triage environment for a cloud-native product company.
Tool-savvy. Comfortable with bug-bounty platforms (HackerOne, Bugcrowd), compliance tooling (Vanta, Drata), ticketing/CRM systems (HubSpot, Jira), and at least one log/SIEM stack.
Process-oriented & relentless at follow-up. You enjoy turning chaos into checklists, measuring progress, and nudging tasks over the finish line.
Clear and empathetic communicator. Able to translate security jargon into developer-friendly action items and customer-friendly updates.
Familiar with common frameworks. Working knowledge of SOC 2, HIPAA, ISO 27001, or related standards.
Comfortable in an async-first, globally distributed team. You write things down, default to transparency, and can triage effectively across time zones.
Nice to have: hands-on scripting for automation, experience with threat-intel feeds, prior work in a high-volume bug-bounty program.
We offer:
100% remote work from anywhere in the world. No location-based adjustment to your salary.
Autonomous work. We work collaboratively on projects, but you set your own pace.
Health, Vision and Dental benefits. Supabase covers 100% of the cost for employees and 80% for dependants.
Generous Tech Allowance for any office setup you need
Annual Education Allowance
Annually run off-sites.
About the team
We're a startup. It's unstructured.
Collectively founded more than 30 startups.
Globally distributed team with more than 30 different nationalities.
We deeply believe in the efficacy of collaborative open source. We support existing communities and tools, rather than building "yet another xx".
We "dogfood" everything. If you use it in your project, we use it in Supabase.
Process
The entire process is fully remote and all communication will happen over email or via video chat.
Once you've submitted your application, the team will review your submission and may reach out for a short screening interview over a video call.
If you pass the screen you will be invited to up to four follow-up interviews.
The calls:
usually take between 20-45 minutes each depending on the interviewer.
most of the time, are all 1:1.
will be with the founders, a member of either the growth or engineering team (depending on the role) and usually one other person from your immediate team or function.
Once the interviews are over, the team will meet to discuss several roles and candidates and may:
ask one or two follow-up questions over email or a quick call.
go directly to making an offer.