Anti Abuse Engineer

About the Role

Supabase serves millions of developers on a shared, multi-tenant platform. At that scale, abuse is not an edge case — it is a continuous operational reality. We need someone who treats detection and response as a craft, and who can close the loop between signal, triage, and automated remediation. This role sits inside the security org but operates at the intersection of security engineering, data analysis, and platform operations.

Abuse Detection & Signal Triage

• Monitor Signals: Monitor inbound abuse signals across platform telemetry, HackerOne reports, support queues, and internal alerting pipelines.
• Triage End-to-End: Triage abuse cases end-to-end, assessing severity and blast radius, classifying actor types, and routing to the correct response track.
• Queue Ownership: Own the abuse case queue with clear SLAs to ensure no active threats age out without a definitive decision.
• Pattern Recognition: Identify complex patterns across distinct cases that point toward coordinated campaigns or emerging attack techniques.

Incident Response & Remediation

• Lead Incidents: Lead response efforts for active abuse incidents, coordinating closely with Platform and Infrastructure teams to execute containment actions and drive remediation to closure.
• Communications: Write clear, timely communications to affected users and internal stakeholders throughout the lifecycle of an incident.
• Postmortems: Conduct thorough post-incident reviews, feeding findings back into detection rules, runbooks, and platform controls.
• Runbook Maintenance: Maintain and improve incident runbooks to ensure response execution is consistent, scalable, and reproducible across time zones.

Detection Engineering & Automation

• Tune Logic: Build and tune detection logic against platform telemetry and Supabase-native data sources, including Postgres query patterns, Edge Function invocations, auth anomalies, and storage abuse.
• Reduce Toil: Automate repetitive triage and response actions to aggressively reduce manual toil, increase response speed, and improve consistency.
• Platform Architecture: Contribute to the Anti-Abuse Platform architecture, optimizing the blocklist schema, the remediation action ladder (L1–L4), and enforcement pipelines.
• Metrics & Fidelity: Instrument metrics for detection coverage and alert fidelity, closely tracking false positive rates, detection latency, and remediation time.

Tooling & Platform Improvement

• Toolchain Operations: Maintain and improve the abuse operations toolchain, including case management systems, escalation workflows, and engineering reporting dashboards.
• Proactive Security: Partner with Core Engineering to design and implement platform-layer controls that eliminate abuse vectors by design rather than by reactive response.
• Enterprise Support: Support Supabase for Platforms (SfP) customers by operationalizing the centralized Anti-Abuse platform for enterprise-grade use cases.

You Might Be a Good Fit If You

• Have 3+ years of experience in a security operations, trust & safety, or abuse-focused engineering role at a cloud-native product or platform company.
• Possess hands-on experience with detection logic, including writing rules, tuning thresholds, and reducing noise in high-volume, highly complex signal environments.
• Demonstrate a proven ability to run incident response end-to-end (triage, containment, communication, and postmortems).
• Are proficient in SQL and a scripting language (Python heavily preferred) for log analysis, pattern detection, and building automation workflows.
• Are deeply familiar with abuse actor techniques, such as credential stuffing, account takeover (ATO), compute abuse, exfiltration, and spam/phishing infrastructure.
• Thrive operating async-first in a globally distributed team.