Finite State partners with product security teams, the guardians of our connected world, to create transparency for their connected devices and supply chains. Our platform handles connected devices and embedded systems across all industries, including those found in enterprises, healthcare, utilities, connected vehicles, manufacturing facilities, critical infrastructure, and government entities.
We are a fast-growing series-B company with a fully distributed workforce. Led by a team of seasoned experts, we are a mission-driven team passionate about arming our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. We are committed to a remote first culture.
We’re looking for a Senior Full-Stack Software Engineer with deep expertise in Next.js, TypeScript, PostgreSQL/Supabase, and AI-assisted development to design, build, and deliver the scalable, secure systems behind our cybersecurity platform.
This is a hands-on, product-focused role for an engineer who:
- Thrives at the intersection of secure software engineering, data-heavy systems, and product innovation
- Is fluent in AI tooling (Cursor, Devin, Copilot, etc.) and knows how to turn them into real velocity — not toys
- Can design full-stack solutions, think strategically about risk and performance, and help us move business logic closer to the data layer (Postgres + Supabase)
- Full-Stack Development: Build and maintain secure, scalable web applications using Next.js/React, TypeScript, and Node – backed by PostgreSQL on Supabase (and AWS RDS during migration). Own features end-to-end from UI to database.
- Database-Centric Application Logic: Design and implement business logic close to the data using Postgres functions, views, triggers, Row-Level Security (RLS), and Supabase Edge Functions, minimizing unnecessary middleware and enabling high performance and strong data isolation.
- AI-Accelerated Development: Treat tools like Cursor, Devin, GitHub Copilot, and agent frameworks as core parts of your workflow. You'll use them to scaffold and refactor full-stack features, generate and evolve schemas, migrations, and RLS policies and build internal agents that automate repetitive engineering tasks and glue systems together
- Application Security First: Embed security best practices into every layer of development — from secure coding and dependency management to data protection and authentication/authorization (Supabase Auth, OAuth2/OIDC, SSO). Collaborate with security researchers to ensure features align with threat models.
- Product Collaboration: Work hand-in-hand with product managers and designers to translate customer pain points into impactful, intuitive features. Participate in product discovery and help shape roadmaps with a strong technical and data-informed perspective.
- Architect & Scale: Design and optimize API contracts, edge endpoints, and event flows using Next.js (server components, API routes) and Supabase (Edge Functions, real-time). Consider performance, resiliency, and multi-region deployment (read replicas, data partitioning) as first-class concerns.
- Data Expertise: Model and optimize relational data in PostgreSQL for large, multi-tenant workloads. Own indexing strategies, query performance, and data partitioning approaches to support 10x–30x growth in customers and data.
- Security-Integrated DevOps: Support automated testing, CI/CD pipelines, database migrations, and vulnerability scanning throughout the development lifecycle. Work closely with infrastructure engineers on Supabase + AWS environments, observability, and performance tuning.
- Mentorship & Collaboration: Provide guidance and thoughtful code reviews to peers, fostering a culture of quality, security, and ownership. Help raise the bar on full-stack, data-centric, and AI-native engineering practices.
- Continuous Learning: Stay ahead of trends in AI-assisted engineering, agentic systems, application security, Next.js, and modern Postgres/Supabase practices, and share what you learn with the team.
- Senior Full-Stack Engineer with experience building and shipping production web apps using Next.js/React, TypeScript, PostgreSQL, and a Node-based backend
- AI-native developer who regularly uses AI-assisted dev tools (e.g., Cursor, Copilot, Devin) to move faster, improve code quality, and explore design options, and knows when to verify output
- Strong backend and data modeling skills in Postgres; experience with Supabase (Auth, RLS, Edge Functions, migrations) or similar Postgres-based platforms is a plus
- Security-conscious engineer with a solid understanding of secure web application development, authentication/authorization, and modern security best practices; familiarity with software supply chain security or interest in learning quickly
- Experience deploying and operating applications in the cloud (ideally AWS), with working knowledge of Docker, CI/CD, and modern managed or serverless platforms
- Product-minded and collaborative, balancing technical rigor with user and business needs, caring about testing and maintainability, and communicating clearly in a remote, cross-functional team
- 30 Days: Ship small full-stack features in our Next.js + Supabase stack; learn our security and data architecture; demonstrate effective use of AI tools + agentic workflows in your day-to-day work.
- 60 Days: Own and deliver secure, high-impact features end-to-end; contribute to schema and API design; help refine patterns for RLS, migrations, edge functions, and internal AI/agent tooling.
- 90 Days: Lead new initiatives, drive improvements in performance and security posture, shape our full-stack and AI-native architecture, and mentor peers on Next.js, Supabase, and AI-accelerated development.
- Languages: TypeScript, JavaScript, Python
- Frontend: Next.js, React
- Backend / Platform: Supabase (PostgreSQL, Auth, Edge Functions, Storage), Node/TypeScript services
- Data: PostgreSQL (Supabase + AWS RDS during migration), Redis
- Auth & Security: Supabase Auth, OAuth2/OIDC, GitHub, Trivy, Snyk
- Infrastructure: AWS, Docker, Kubernetes (for supporting services), modern CI/CD
- AI Tools: Cursor, Devin, GitHub Copilot, and modern agent frameworks where appropriate
- Be a part of building the leading platform for connected device cybersecurity.
- Join a fast-moving team that values transparency, innovation, and impact.
- Work fully remotely with a high degree of autonomy and ownership.
- Comprehensive Benefits
- Investment: We offer learning stipends to support your professional development
- Equity: We offer equity so you can share in our growth and success
- Help solve some of the most pressing cybersecurity challenges facing connected device manufacturers and the millions of people who depend on them
- Tier 1 (San Francisco, New York, Seattle): $227,000 - $270,000
- Tier 2 (All Other Locations): $181,000 - $216,000
At Finite State, we're on a mission to secure the connected world. Our platform empowers product security teams to detect vulnerabilities, manage software supply chain risks, and ensure compliance across complex device ecosystems. From IoT to critical infrastructure, we provide unparalleled visibility into firmware and software components, helping organizations protect their products and customers.
We move with urgency and intent — we’re transparent, own outcomes, put customers first, speak up, and learn fast — turning evidence into action. CLARITY is how we move fast without breaking trust.
- C - Customer first - Learn from customers. Ship with urgency.
- L - Leverage - Outsource the routine. Own the result.
- A - Agency - We take responsibility—end to end.
- R - Results - Ship value. Improve fast.
- I - Integrity - Speak up. Experiment boldly. Be kind.
- T - Transparency - Clear context. Faster decisions.
- Y - "Why" - Our mission—securing the connected products humanity depends on—is the reason Finite State exists. CLARITY is how we make that mission real, every day, at speed
Bold Innovation – We push boundaries, explore new ideas, and take initiative to solve complex problems.
The Finite State platform brings visibility and control to the supply chains that create connected devices and embedded systems—all in a simple to use platform and at the scale manufacturers need to keep device production on time and on budget. After unpacking and analyzing every file, configuration, and setting in a firmware build, the platform generates a complete bill of materials for software components, identifies known and 0-day vulnerabilities, shows a contextual risk score, and provides actionable insights that product teams can use to secure their software
We are proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Finite State is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.
