Security Operations Engineer

About the role

We're looking for a Security Operations Engineer to join our Product Security team and help provide front-line coverage for security alerts, customer security tickets, and internal IT requests as Supabase continues to scale. This is an entry-level role designed for someone with strong judgment, curiosity, and clear communication. You'll be one of three Security Operations Engineers working in a follow-the-sun rotation across New Zealand/Australia, Sri Lanka, and US Eastern, helping Supabase maintain effective 24-hour coverage for security-relevant work. You'll triage alerts, handle customer security requests, support internal IT operations, improve runbooks, and escalate clearly to the right teams when issues need deeper investigation. What You'll Be Responsible for In this role, you'll: First Response & Triage: Act as the first responder for security alerts from GuardDuty, dependency advisories, and other detection sources. Assess severity and escalate to the right lead across Platform, Product, Anti-Abuse, or Security. Customer Security Operations: Own customer security tickets in Front, including account recovery, MFA reset, GitHub-linked account loss, billing-based ownership verification, and org ownership disputes. Incident Response Support: Participate in the on-call pager rotation alongside other Security Operations Engineers and use documented playbooks to make consistent decisions. Process Improvement: Maintain and improve runbooks, decision trees, Front macros, and escalation paths. Identify patterns in tickets and alerts to flag opportunities for automation or workflow improvements. Internal IT Support & Compliance: Triage internal IT requests (access provisioning, SSO/Okta issues, device questions, MDM enrollment) and help maintain access records, joiner-mover-leaver hygiene, and compliance audit trails. Communication: Communicate clearly with customers, engineers, and internal stakeholders during sensitive or time-critical issues. You Might Be a Good Fit If You Have prior experience in technical support, IT helpdesk, junior SOC analysis, trust and safety, fraud operations, or a similar triage-heavy environment. Have a foundational understanding of security concepts like MFA, JWTs, identity verification, account recovery, and access control. Have a foundational understanding of IT systems like SSO, identity providers, Google Workspace, Okta, and MDM tools like Kandji, Jamf, or similar. Are comfortable with a terminal, basic SQL, and reading simple scripts or macros (you do not need to be a developer). Can summarize a messy ticket or noisy alert in two sentences that explain what matters and what should happen next. Have strong customer-facing judgment and can stay calm, precise, and firm when handling sensitive access or account issues. Enjoy turning ambiguous workflows into clear checklists, runbooks, macros, and repeatable systems. Are comfortable working async across time zones and writing things down by default. Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers

Requirements

• Familiarity with Postgres, AWS, or developer tools ecosystems.
• Experience with Front, Linear, Notion, Okta, Google Workspace, Kandji, Jamf, Vanta, or similar tools.
• Open-source contributions, CTF participation, bug bounty experience, or a personal project that shows security curiosity.
• Experience improving support, SOC, trust and safety, fraud, or IT workflows, or basic scripting and automation experience.

Benefits

Additional Information

About Supabase Supabase is the Postgres development platform, built by developers for developers. We provide a complete backend solution including Database, Auth, Storage, Edge Functions, Realtime, and Vector Search. All services are deeply integrated and designed for growth.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at supabase? Share your experience