Product Manager - Security & Trust (EMEA/AMER)

About the Role

Supabase, as a Postgres development platform, has built trust with over 7 million developers by providing a secure environment for them to build and deploy their applications. The move into AI-native development, regulated industries, and enterprise markets further emphasizes the importance of robust security measures. This role is central to that effort, requiring a deep understanding of both the technical aspects of security and the needs of developers and enterprises alike.

The role involves setting the security agenda for the platform, leading the development of Supabase's security roadmap, and ensuring that every aspect of security, from defaults to advanced controls, is considered. This encompasses partnering with various teams to ensure that security features are not only effective but also do not impede the developer experience. The position demands a comprehensive approach, considering both the security needs of regulated companies and the ease of use for indie developers.

What You Will Do

• Lead the development and implementation of Supabase's platform security roadmap, ensuring a balance between security measures and developer experience.
• Collaborate with Security Engineering, Compliance, and platform teams to ensure comprehensive security measures are in place.
• Define and drive the security strategy for AI agents, focusing on authentication, scoping, and auditing of agent activity.
• Own and drive the roadmap for security tooling used by customers, including firewalls, security advisors, audit logs, and IAM primitives.
• Develop the unified access model across Supabase, incorporating roles, permissions, personal access tokens, OAuth integrations, and SSO/SCIM.
• Drive the compliance roadmap, building on existing SOC2 and HIPAA compliance to expand Supabase's adoption in regulated industries.
• Act as the voice of the customer for security, gathering feedback and translating it into actionable roadmap items.
• Develop clear, opinionated, and trustworthy security guides that support the Supabase documentation.

What We Are Looking For

• 7+ years of experience in product management, with a focus on security, identity and access, infrastructure, or developer platforms.
• Deep working knowledge of security primitives such as authentication, authorization (RBAC, RLS), audit logging, and secrets management.
• Proven track record of leading cross-functional initiatives and driving multi-team RFCs from proposal to implementation.
• Experience with GTM strategies and their implementation in a security context.
• Strong understanding of compliance requirements, particularly SOC2 and HIPAA.
• Comfortable working in a remote, async, write-it-down culture.
• Exceptional writing and communication skills, with the ability to draft and ship high-quality documentation.

Nice to Have

• Experience with AI-native development and its security implications.
• Knowledge of regulated industries and their specific security and compliance needs.
• Familiarity with developer platforms and the balance between security and developer experience.
• Participation in open-source projects or contributions to security-focused communities.

Benefits and Perks

• Competitive compensation package.
• Equity in a fast-growing company.
• Flexible PTO policy to ensure work-life balance.
• Health insurance and other benefits tailored to remote workers.
• Remote work stipend to support your home office setup.
• Professional development opportunities, including training and conference sponsorships.
• Access to a global community of developers and security professionals through Supabase's network.

• Highlight GTM experience: Emphasize your experience in driving Go-To-Market strategies, especially in security, to stand out.
• Showcase security expertise: Provide specific examples of security features you've developed or compliant roadmaps you've driven.
• Develop a personal project: Having a personal project that demonstrates your understanding of security and developer experience can be a significant plus.
• Prepare for scenario-based questions: Be ready to answer questions about how you would handle specific security scenarios or trade-offs between security and usability.
• Research Supabase deeply: Understand Supabase's current security posture, its user base, and the challenges it faces in the security and trust space to demonstrate your interest and knowledge.
• Demonstrate writing skills: Since you'll be responsible for shipping security guides, be prepared to showcase your writing abilities, possibly through a writing sample or a blog you've maintained.
• Be ready to discuss compliance: Familiarize yourself with current compliance standards, especially SOC2 and HIPAA, and be prepared to discuss how you would drive compliance efforts forward at Supabase.