Senior Full-Stack Software Engineer (Next.js + Supabase + AI-Native)
Why Finite State Join a mission-driven team that’s securing the connected world. At Finite State, you’ll work alongside some of the brightest minds in cybersecurity and software supply chain analysis to uncover and mitigate vulnerabilities hidden in the firmware and software that power everything from cars to medical devices. Your work will have a direct impact on protecting critical infrastructure and shaping the future of IoT and device security — all within a flexible, fully remote culture that values innovation, craftsmanship, and measurable impact.
The Role We’re looking for a Senior Full-Stack Software Engineer with deep expertise in Next.js, TypeScript, PostgreSQL/Supabase, and AI-assisted development to design, build, and deliver the scalable, secure systems behind our cybersecurity platform. This is a hands-on, product-focused role for an engineer who: Thrives at the intersection of secure software engineering, data-heavy systems, and product innovation Is fluent in AI tooling (Cursor, Devin, Copilot, etc.) and knows how to turn them into real velocity — not toys Can design full-stack solutions, think strategically about risk and performance, and help us move business logic closer to the data layer (Postgres + Supabase) You’ll work closely with product, design, and security researchers to create seamless, data-driven experiences that empower our customers to secure the software supply chain.
What You’ll Do Full-Stack Development Build and maintain secure, scalable web applications using Next.js/React, TypeScript, and Node – backed by PostgreSQL on Supabase (and AWS RDS during migration). Own features end-to-end from UI to database. Database-Centric Application Logic Design and implement business logic close to the data using Postgres functions, views, triggers, Row-Level Security (RLS), and Supabase Edge Functions, minimizing unnecessary middleware and enabling high performance and strong data isolation. AI-Accelerated Development Treat tools like Cursor, Devin, GitHub Copilot, and agent frameworks as core parts of your workflow. Use them to: Scaffold and refactor full-stack features Generate and evolve schemas, migrations, and RLS policies Build internal agents that automate repetitive engineering tasks and glue systems together Application Security First Embed security best practices into every layer of development — from secure coding and dependency management to data protection and authentication/authorization (Supabase Auth, OAuth2/OIDC, SSO). Collaborate with security researchers to ensure features align with threat models. Product Collaboration Work hand-in-hand with product managers and designers to translate customer pain points into impactful, intuitive features. Participate in product discovery and help shape roadmaps with a strong technical and data-informed perspective. Architect & Scale Design and optimize API contracts, edge endpoints, and event flows using Next.js (server components, API routes) and Supabase (Edge Functions, real-time). Consider performance, resiliency, and multi-region deployment (read replicas, data partitioning) as first-class concerns. Data Expertise Model and optimize relational data in PostgreSQL for large, multi-tenant workloads. Own indexing strategies, query performance, and data partitioning approaches to support 10x–30x growth in customers and data. Security-Integrated DevOps Support automated testing, CI/CD pipelines, database migrations, and vulnerability scanning throughout the development lifecycle. Work closely with infrastructure engineers on Supabase + AWS environments, observability, and performance tuning. Mentorship & Collaboration Provide guidance and thoughtful code reviews to peers, fostering a culture of quality, security, and ownership. Help raise the bar on full-stack, data-centric, and AI-native engineering practices. Continuous Learning Stay ahead of trends in AI-assisted engineering, agentic systems, application security, Next.js, and modern Postgres/Supabase practices, and share what you learn with the team.
What We’re Looking For Experienced Full-Stack Engineer Proven track record building and deploying production-grade applications using Next.js/React and TypeScript, with a strong command of PostgreSQL and at least one backend runtime (Node/TypeScript). Direct experience with Supabase (Auth, Storage, Edge Functions, RLS, migrations) or a very similar Postgres-based BaaS is a strong plus. AI-Native Developer (Required) You’re not just “familiar” with AI tools — you actively use things like Cursor, Devin, Copilot daily to: Accelerate implementation and refactors Improve test coverage and docs Explore design alternatives and quickly validate approaches You understand their failure modes and know when to trust vs verify. Application Security Expertise Strong understanding of secure coding practices, authentication/authorization (OAuth2, OIDC), session management, and vulnerability mitigation in web apps. Comfortable working in a security-conscious domain. Database & Data-Modeling Chops Deep experience designing relational schemas, optimizing queries, and working on high-volume, multi-tenant Postgres databases. Comfortable reasoning about indexes, query plans, and tradeoffs. Cybersecurity Awareness Familiarity with software supply chain risks, SBOMs, CVEs, and vulnerability scanning principles — or a strong interest in learning this domain quickly. Product Mindset You think like a product owner — balancing technical excellence, user experience, and business value. You’re comfortable making pragmatic tradeoffs and iterating quickly with stakeholders. Cloud & Infrastructure Experience running apps in the cloud, ideally AWS. Familiarity with containers (Docker) and orchestration (Kubernetes) is useful, even if much of the new stack is serverless/managed (Vercel, Supabase, etc.). Quality-Driven & Collaborative Passionate about testing (unit, integration, end-to-end), CI/CD automation, and writing maintainable, well-structured code. Excellent communication skills and experience in cross-functional, remote teams.
Our Tech Stack Core (new stack): Languages: TypeScript, JavaScript, Python Frontend: Next.js, React Backend / Platform: Supabase (PostgreSQL, Auth, Edge Functions, Storage), Node/TypeScript services Data: PostgreSQL (Supabase + AWS RDS during migration), Redis Security & DevOps: Auth & Security: Supabase Auth, OAuth2/OIDC, GitHub, Trivy, Snyk Infrastructure: AWS, Docker, Kubernetes (for supporting services), modern CI/CD AI Tools: Cursor, Devin, GitHub Copilot, and modern agent frameworks where appropriate
Nice-to-Haves Agentic Systems Experience Experience designing or shipping agentic workflows using modern frameworks such as Agno, Vercel AI SDK, or similar (LangChain, LlamaIndex, etc.) for internal tools, customer-facing automation, or developer productivity. Supabase DBA / Performance Hands-on experience with database administration and performance tuning on Supabase/Postgres — connection pooling, query analysis, indexing strategy, partitioning, and capacity planning. Experience in software supply chain security, SBOM analysis, or vulnerability intelligence. Familiarity with observability tools (Honeycomb, Datadog, Prometheus). Background in DevSecOps or secure CI/CD pipeline development. Experience contributing to or leading product-focused engineering efforts in cybersecurity startups.
Your 90-Day Success Path 30 Days: Ship small full-stack features in our Next.js + Supabase stack; learn our security and data architecture; demonstrate effective use of AI tools + agentic workflows in your day-to-day work. 60 Days: Own and deliver secure, high-impact features end-to-end; contribute to schema and API design; help refine patterns for RLS, migrations, edge functions, and internal AI/agent tooling. 90 Days: Lead new initiatives, drive improvements in performance and security posture, shape our full-stack and AI-native architecture, and mentor peers on Next.js, Supabase, and AI-accelerated development.
Why You’ll Love Working Here Competitive Compensation: Salary + equity options. Comprehensive Benefits: Fully covered medical, dental, and vision. Flexible Time Off: Unlimited PTO plus generous parental leave. Remote-First: Work from anywhere in Canada or the United States with a WFH stipend and flexible hours. Mission-Driven Work: Your code directly contributes to protecting the connected world.
About the job
Apply for this position
Senior Full-Stack Software Engineer (Next.js + Supabase + AI-Native)
Why Finite State Join a mission-driven team that’s securing the connected world. At Finite State, you’ll work alongside some of the brightest minds in cybersecurity and software supply chain analysis to uncover and mitigate vulnerabilities hidden in the firmware and software that power everything from cars to medical devices. Your work will have a direct impact on protecting critical infrastructure and shaping the future of IoT and device security — all within a flexible, fully remote culture that values innovation, craftsmanship, and measurable impact.
The Role We’re looking for a Senior Full-Stack Software Engineer with deep expertise in Next.js, TypeScript, PostgreSQL/Supabase, and AI-assisted development to design, build, and deliver the scalable, secure systems behind our cybersecurity platform. This is a hands-on, product-focused role for an engineer who: Thrives at the intersection of secure software engineering, data-heavy systems, and product innovation Is fluent in AI tooling (Cursor, Devin, Copilot, etc.) and knows how to turn them into real velocity — not toys Can design full-stack solutions, think strategically about risk and performance, and help us move business logic closer to the data layer (Postgres + Supabase) You’ll work closely with product, design, and security researchers to create seamless, data-driven experiences that empower our customers to secure the software supply chain.
What You’ll Do Full-Stack Development Build and maintain secure, scalable web applications using Next.js/React, TypeScript, and Node – backed by PostgreSQL on Supabase (and AWS RDS during migration). Own features end-to-end from UI to database. Database-Centric Application Logic Design and implement business logic close to the data using Postgres functions, views, triggers, Row-Level Security (RLS), and Supabase Edge Functions, minimizing unnecessary middleware and enabling high performance and strong data isolation. AI-Accelerated Development Treat tools like Cursor, Devin, GitHub Copilot, and agent frameworks as core parts of your workflow. Use them to: Scaffold and refactor full-stack features Generate and evolve schemas, migrations, and RLS policies Build internal agents that automate repetitive engineering tasks and glue systems together Application Security First Embed security best practices into every layer of development — from secure coding and dependency management to data protection and authentication/authorization (Supabase Auth, OAuth2/OIDC, SSO). Collaborate with security researchers to ensure features align with threat models. Product Collaboration Work hand-in-hand with product managers and designers to translate customer pain points into impactful, intuitive features. Participate in product discovery and help shape roadmaps with a strong technical and data-informed perspective. Architect & Scale Design and optimize API contracts, edge endpoints, and event flows using Next.js (server components, API routes) and Supabase (Edge Functions, real-time). Consider performance, resiliency, and multi-region deployment (read replicas, data partitioning) as first-class concerns. Data Expertise Model and optimize relational data in PostgreSQL for large, multi-tenant workloads. Own indexing strategies, query performance, and data partitioning approaches to support 10x–30x growth in customers and data. Security-Integrated DevOps Support automated testing, CI/CD pipelines, database migrations, and vulnerability scanning throughout the development lifecycle. Work closely with infrastructure engineers on Supabase + AWS environments, observability, and performance tuning. Mentorship & Collaboration Provide guidance and thoughtful code reviews to peers, fostering a culture of quality, security, and ownership. Help raise the bar on full-stack, data-centric, and AI-native engineering practices. Continuous Learning Stay ahead of trends in AI-assisted engineering, agentic systems, application security, Next.js, and modern Postgres/Supabase practices, and share what you learn with the team.
What We’re Looking For Experienced Full-Stack Engineer Proven track record building and deploying production-grade applications using Next.js/React and TypeScript, with a strong command of PostgreSQL and at least one backend runtime (Node/TypeScript). Direct experience with Supabase (Auth, Storage, Edge Functions, RLS, migrations) or a very similar Postgres-based BaaS is a strong plus. AI-Native Developer (Required) You’re not just “familiar” with AI tools — you actively use things like Cursor, Devin, Copilot daily to: Accelerate implementation and refactors Improve test coverage and docs Explore design alternatives and quickly validate approaches You understand their failure modes and know when to trust vs verify. Application Security Expertise Strong understanding of secure coding practices, authentication/authorization (OAuth2, OIDC), session management, and vulnerability mitigation in web apps. Comfortable working in a security-conscious domain. Database & Data-Modeling Chops Deep experience designing relational schemas, optimizing queries, and working on high-volume, multi-tenant Postgres databases. Comfortable reasoning about indexes, query plans, and tradeoffs. Cybersecurity Awareness Familiarity with software supply chain risks, SBOMs, CVEs, and vulnerability scanning principles — or a strong interest in learning this domain quickly. Product Mindset You think like a product owner — balancing technical excellence, user experience, and business value. You’re comfortable making pragmatic tradeoffs and iterating quickly with stakeholders. Cloud & Infrastructure Experience running apps in the cloud, ideally AWS. Familiarity with containers (Docker) and orchestration (Kubernetes) is useful, even if much of the new stack is serverless/managed (Vercel, Supabase, etc.). Quality-Driven & Collaborative Passionate about testing (unit, integration, end-to-end), CI/CD automation, and writing maintainable, well-structured code. Excellent communication skills and experience in cross-functional, remote teams.
Our Tech Stack Core (new stack): Languages: TypeScript, JavaScript, Python Frontend: Next.js, React Backend / Platform: Supabase (PostgreSQL, Auth, Edge Functions, Storage), Node/TypeScript services Data: PostgreSQL (Supabase + AWS RDS during migration), Redis Security & DevOps: Auth & Security: Supabase Auth, OAuth2/OIDC, GitHub, Trivy, Snyk Infrastructure: AWS, Docker, Kubernetes (for supporting services), modern CI/CD AI Tools: Cursor, Devin, GitHub Copilot, and modern agent frameworks where appropriate
Nice-to-Haves Agentic Systems Experience Experience designing or shipping agentic workflows using modern frameworks such as Agno, Vercel AI SDK, or similar (LangChain, LlamaIndex, etc.) for internal tools, customer-facing automation, or developer productivity. Supabase DBA / Performance Hands-on experience with database administration and performance tuning on Supabase/Postgres — connection pooling, query analysis, indexing strategy, partitioning, and capacity planning. Experience in software supply chain security, SBOM analysis, or vulnerability intelligence. Familiarity with observability tools (Honeycomb, Datadog, Prometheus). Background in DevSecOps or secure CI/CD pipeline development. Experience contributing to or leading product-focused engineering efforts in cybersecurity startups.
Your 90-Day Success Path 30 Days: Ship small full-stack features in our Next.js + Supabase stack; learn our security and data architecture; demonstrate effective use of AI tools + agentic workflows in your day-to-day work. 60 Days: Own and deliver secure, high-impact features end-to-end; contribute to schema and API design; help refine patterns for RLS, migrations, edge functions, and internal AI/agent tooling. 90 Days: Lead new initiatives, drive improvements in performance and security posture, shape our full-stack and AI-native architecture, and mentor peers on Next.js, Supabase, and AI-accelerated development.
Why You’ll Love Working Here Competitive Compensation: Salary + equity options. Comprehensive Benefits: Fully covered medical, dental, and vision. Flexible Time Off: Unlimited PTO plus generous parental leave. Remote-First: Work from anywhere in Canada or the United States with a WFH stipend and flexible hours. Mission-Driven Work: Your code directly contributes to protecting the connected world.