Need to get a domain reclassified and the urlfiltering change request form keeps spitting out the same automated response.
🙏
Security researcher and breaker of things.
Old site: @_staaldraad
| Blog | https://staaldraad.github.io |
| GitHub | https://github.com/staaldraad |
We are growing fast at Supabase and have just opened a CISO role. If you want to work with an amazing engineering team, who cares about security and who will actually listen to what you have to say, come work with me:
https://jobs.ashbyhq.com/supabase/8e7a3512-c453-4a93-a236-93e1e9b0f4d5?utm_source=4yv3qlAJYq
It is startup fun, building from the ground-up, the opportunity to "do things right" from the start. Ping me if you have any questions!
Supabase is an Open Source and fully remote company building developer tools for databases. We are looking for an experienced Chief Information Security Officer (CISO) to lead and improve the security of our hosted cloud offering. We manage over 1 million Postgres databases for our users and are growing fast https://x.com/kiwicopple/status/1874018276638154803. We are custodians of user data and securing their data is fundamental in ensuring users continue to trust us. You will be responsible for securing the Supabase Cloud offering.

Here’s what you’ll be working on:
- Security engineering: improve the baseline security of our product suite by evaluating features from a security perspective and making security a core part of our software development lifecycle
- Security as a Product: Design and develop platform security features like user-configurable firewalls, audit logs, alerting mechanisms and other tools that empower users to manage their own security.
- Security Training: Strengthen the security culture in the company by running through attack simulations and workshops.
- Governance and compliance: Ensure compliance with laws, regulations, and frameworks such as GDPR, PCI DSS, SOC2 and HIPAA
- Incident response: Lead efforts to mitigate attacks on our platform and operationalize a robust security incident response plan.
- Security Automation: Streamline security processes by automating controls with tools like MDM, SIEM, and other tools.
- Be the security expert in conversations with key customers.
- Risk management: Identify and mitigate risks through risk assessments, audits and training sessions.

You are:
- Passionate about securing systems and building trust through robust security practices.
- Worked as a CISO or similar leadership role for 4+ years.
- Comfortable working in a fully remote environment and collaborating closely with engineers
- Skilled at scaling up security programs within B2B SaaS companies
- Experience working for developer tools or platform companies is a plus
- An excellent communicator to both technical and non-technical audiences
- Timezone: EU / US

WE OFFER:
- 100% remote work from anywhere in the world. No location-based adjustment to your salary.
- Autonomous work. We work collaboratively on projects, but you set your own pace.
- Health, Vision and Dental benefits. Supabase covers 100% of the cost for employees and 80% for dependants
- Generous Tech Allowance for any office setup you need
- Annual Education Allowance
- Annually run off-sites.

ABOUT THE TEAM
- We're a startup. It's unstructured.
- Collectively founded more than 30 startups.
- Globally distributed team with more than 30 different nationalities.
- We deeply believe in the efficacy of collaborative open source https://supabase.com/blog/2022/03/25/should-i-open-source-my-company. We support existing communities and tools, rather than building "yet another xx".
- We "dogfood" everything. If you use it in your project, we use it in Supabase.

PROCESS
- The entire process is fully remote and all communication will happen over email or via video chat.
- Once you've submitted your application, the team will review your submission and may reach out for a short screening interview over a video call.
- If you pass the screen you will be invited to up to four follow-up interviews.
- The calls:
  - usually take between 20-45 minutes each depending on the interviewer.
  - most of the time, are all 1:1.
  - will be with the founders, a member of either the growth or engineering team (depending on the role) and usually one other person from your immediate team or function.
- Once the interviews are over, the team will meet to discuss several roles and candidates and may:
  - ask one or two follow-up questions over email or a quick call.
  - go directly to making an offer.
Launch Week 12 is fast approaching at Supabase.
Get your ticket! https://supabase.com/launch-week/tickets/staaldraad
metatrapd - honeypot service for cloud metadata.
https://github.com/staaldraad/metatrapd
I've been sitting on this for too many years and finally got around to releasing it. The README contains most of the important bits, but here are a few words about it too (if you want videos as well): https://staaldraad.github.io/post/2024-01-04-metatrapd-tool-release/
thanks to @ThinkstCanary for ideas and leading the way
Wow, this looks great. Fantastic work @msw and team 🙌