About Supabase
Supabase is an open source Firebase alternative. We give developers a Postgres database, authentication, instant APIs, edge functions, and real-time subscriptions — all in one platform. We are building the infrastructure layer for the next generation of applications.
Corporate IT at Supabase reports into the Security organization. Identity and endpoint hygiene are treated as security controls, not administrative overhead. You will work with a small, senior team with direct access to engineering leadership and a mandate to automate everything.
About the Role
You will work directly with our IDM/MDM Lead to own the day-to-day operations of our identity and endpoint stack — Okta, Slack, Iru (MDM), and the integrations that tie them together. This role is equal parts identity management and endpoint operations, with a strong expectation that you automate what you repeat and document what you automate.
This role provides follow-the-sun IT and identity coverage alongside our IDM/MDM Lead on the West Coast. Fully remote, with a strong preference for candidates based in EST or APAC.
What You’ll Own
Identity & Access Management
- Administer Okta day-to-day: user provisioning, group management, SSO application configuration, and MFA policy enforcement.
- Own joiner-mover-leaver (JML) workflows — ensure access is granted on day one, adjusted on role change, and fully revoked on departure with no manual gaps.
- Maintain and improve Okta lifecycle automation, reducing manual provisioning toil and closing the window between HR events and access changes.
- Audit access regularly: identify stale accounts, over-provisioned roles, and orphaned app assignments before they become incidents.
- Support FIDO2/WebAuthn and YubiKey deployment for privileged access across the organization.
Endpoint Management & MDM
- Administer Iru (formerly Kandji) MDM for macOS fleet: device enrollment, configuration profiles, compliance baselines, and policy enforcement.
- Ensure all managed endpoints meet security baselines — disk encryption, screen lock, patch cadence, and EDR agent deployment.
- Support onboarding hardware logistics: device procurement, enrollment, and first-day readiness across global time zones.
- Identify and track unmanaged or out-of-compliance devices; drive remediation and escalate persistent non-compliance.
- Maintain MDM configuration as code where possible — changes should be reviewable, versioned, and reversible.
SaaS & Collaboration Platform Operations
- Administer Slack workspace: channel governance, app integration reviews, guest access management, and enterprise grid operations.
- Manage the corporate SaaS portfolio — own app provisioning, license tracking, and access reviews for tools like Google Workspace, Zoom, Notion, and others.
- Review and approve new SaaS integration requests against security and data handling standards before deployment.
- Maintain an accurate inventory of corporate applications, their owners, access scope, and data classification.
Automation & Process Improvement
- Identify repetitive IT tasks and eliminate them through automation — scripting, workflow tooling, or Okta lifecycle rules.
- Write and maintain runbooks for all core IT operations so coverage is consistent across time zones and not dependent on any single person.
- Contribute to IT metrics: onboarding time-to-access, offboarding completion rate, MDM compliance percentage, and access review cadence.
- Partner with the Security Engineering team to close gaps surfaced by compliance audits (SOC 2, ISO 27001) that touch identity and endpoint controls.
You Might Be a Good Fit If You Have
- 2–4 years in a corporate IT, IT operations, or identity administration role at a cloud-native or SaaS company.
- Hands-on Okta administration experience: SSO, MFA, lifecycle management, and group/policy configuration.
- Experience with a modern MDM platform (Kandji/Iru, Jamf, or equivalent) managing a macOS-first fleet.
- Working knowledge of JML processes — you understand why a 24-hour offboarding window is a security risk, not just an IT inconvenience.
- Comfortable with scripting or automation (Bash, Python, or similar) to reduce manual toil.
- Async-first communicator: you document decisions, write clear runbooks, and don’t let tasks die in DMs.
Nice to Have
- Experience with FIDO2/WebAuthn deployment or hardware security key programs (YubiKey 5 series).
- Familiarity with Slack enterprise grid administration including app governance and Connect channel management.
- Exposure to SOC 2 or ISO 27001 evidence collection for identity and endpoint controls.
- Experience managing IT operations across APAC and Americas time zones simultaneously.
- Familiarity with Google Workspace admin, including directory sync and group-based provisioning.
- Prior work in a security-adjacent IT role where identity hygiene and access control were first-class concerns.
What We’re Not Looking For
- A ticket-taker who waits for requests. We expect you to proactively find and close gaps — stale accounts, unmanaged devices, ungoverned app integrations.
- Someone who treats IT and security as separate disciplines. Every identity and endpoint decision here is a security decision.
- A process follower who can’t write automation. If you’re doing the same task manually for the third time, that’s a bug.
What We Offer
- Fully Remote
We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.
- ESOP
Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.
- Tech Allowance
Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.
- Health Benefits
Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.
- Annual Off-Sites
Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.
- Flexible Work
We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.
- Professional Development
Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.
About the Team
Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.
- 280+ team members
- 55+ countries
- 20+ languages spoken
- $500M raised
- 500,000+ community members
We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.
Hiring Process
We keep things simple, async-friendly, and respectful of your time:
- Apply – Our team will review your application.
- Intro Call – A short video chat to get to know each other.
- Interviews – Up to four calls with:
- Team Leads
- Future teammates
- Someone cross-functional from product, growth, or engineering (depending on the role)
- Someone from our leadership/founding team
- Decision – We may follow up with a final question or go straight to offer.
All communication is remote and we aim to move fast.