Finite State partners with product security teams, the guardians of our connected world, to create transparency for their connected devices and supply chains. Our platform handles connected devices and embedded systems across all industries, including those found in enterprises, healthcare, utilities, connected vehicles, manufacturing facilities, critical infrastructure, and government entities.
We are a fast-growing series-B company with a fully distributed workforce. Led by a team of seasoned experts, we are a mission-driven team passionate about arming our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. We are committed to a remote first culture.
Why Finite State
Join a mission-driven team that’s securing the connected world. At Finite State, you’ll work alongside some of the brightest minds in cybersecurity and software supply chain analysis to uncover and mitigate vulnerabilities hidden in the firmware and software that power everything from cars to medical devices.
Your work will have a direct impact on protecting critical infrastructure and shaping the future of IoT and device security — all within a flexible, fully remote culture that values innovation, craftsmanship, and measurable impact.
The Role
We’re looking for a Senior Full-Stack Software Engineer with deep expertise in Next.js, TypeScript, PostgreSQL/Supabase, and AI-assisted development to design, build, and deliver the scalable, secure systems behind our cybersecurity platform.
This is a hands-on, product-focused role for an engineer who:
Thrives at the intersection of secure software engineering, data-heavy systems, and product innovation
Is fluent in AI tooling (Cursor, Devin, Copilot, etc.) and knows how to turn them into real velocity — not toys
Can design full-stack solutions, think strategically about risk and performance, and help us move business logic closer to the data layer (Postgres + Supabase)
You’ll work closely with product, design, and security researchers to create seamless, data-driven experiences that empower our customers to secure the software supply chain.
What You’ll Do
Full-Stack Development
Build and maintain secure, scalable web applications using Next.js/React, TypeScript, and Node – backed by PostgreSQL on Supabase (and AWS RDS during migration). Own features end-to-end from UI to database.
Database-Centric Application Logic
Design and implement business logic close to the data using Postgres functions, views, triggers, Row-Level Security (RLS), and Supabase Edge Functions, minimizing unnecessary middleware and enabling high performance and strong data isolation.
AI-Accelerated Development
Treat tools like Cursor, Devin, GitHub Copilot, and agent frameworks as core parts of your workflow. Use them to:
Scaffold and refactor full-stack features
Generate and evolve schemas, migrations, and RLS policies
Build internal agents that automate repetitive engineering tasks and glue systems together
Application Security First
Embed security best practices into every layer of development — from secure coding and dependency management to data protection and authentication/authorization (Supabase Auth, OAuth2/OIDC, SSO). Collaborate with security researchers to ensure features align with threat models.
Product Collaboration
Work hand-in-hand with product managers and designers to translate customer pain points into impactful, intuitive features. Participate in product discovery and help shape roadmaps with a strong technical and data-informed perspective.
Architect & Scale
Design and optimize API contracts, edge endpoints, and event flows using Next.js (server components, API routes) and Supabase (Edge Functions, real-time). Consider performance, resiliency, and multi-region deployment (read replicas, data partitioning) as first-class concerns.
Data Expertise
Model and optimize relational data in PostgreSQL for large, multi-tenant workloads. Own indexing strategies, query performance, and data partitioning approaches to support 10x–30x growth in customers and data.
Security-Integrated DevOps
Support automated testing, CI/CD pipelines, database migrations, and vulnerability scanning throughout the development lifecycle. Work closely with infrastructure engineers on Supabase + AWS environments, observability, and performance tuning.
Mentorship & Collaboration
Provide guidance and thoughtful code reviews to peers, fostering a culture of quality, security, and ownership. Help raise the bar on full-stack, data-centric, and AI-native engineering practices.
Continuous Learning
Stay ahead of trends in AI-assisted engineering, agentic systems, application security, Next.js, and modern Postgres/Supabase practices, and share what you learn with the team.
What We’re Looking For
Experienced Full-Stack Engineer
Proven track record building and deploying production-grade applications using Next.js/React and TypeScript, with a strong command of PostgreSQL and at least one backend runtime (Node/TypeScript).
Direct experience with Supabase (Auth, Storage, Edge Functions, RLS, migrations) or a very similar Postgres-based BaaS is a strong plus.
AI-Native Developer (Required)
You’re not just “familiar” with AI tools — you actively use things like Cursor, Devin, Copilot daily to:
Accelerate implementation and refactors
Improve test coverage and docs
Explore design alternatives and quickly validate approaches
You understand their failure modes and know when to trust vs verify.
Application Security Expertise
Strong understanding of secure coding practices, authentication/authorization (OAuth2, OIDC), session management, and vulnerability mitigation in web apps. Comfortable working in a security-conscious domain.
Database & Data-Modeling Chops
Deep experience designing relational schemas, optimizing queries, and working on high-volume, multi-tenant Postgres databases. Comfortable reasoning about indexes, query plans, and tradeoffs.
Cybersecurity Awareness
Familiarity with software supply chain risks, SBOMs, CVEs, and vulnerability scanning principles — or a strong interest in learning this domain quickly.
Product Mindset
You think like a product owner — balancing technical excellence, user experience, and business value. You’re comfortable making pragmatic tradeoffs and iterating quickly with stakeholders.
Cloud & Infrastructure
Experience running apps in the cloud, ideally AWS. Familiarity with containers (Docker) and orchestration (Kubernetes) is useful, even if much of the new stack is serverless/managed (Vercel, Supabase, etc.).
Quality-Driven & Collaborative
Passionate about testing (unit, integration, end-to-end), CI/CD automation, and writing maintainable, well-structured code. Excellent communication skills and experience in cross-functional, remote teams.
Our Tech Stack
Core (new stack):
Languages: TypeScript, JavaScript, Python
Frontend: Next.js, React
Backend / Platform: Supabase (PostgreSQL, Auth, Edge Functions, Storage), Node/TypeScript services
Data: PostgreSQL (Supabase + AWS RDS during migration), Redis
Security & DevOps:
Auth & Security: Supabase Auth, OAuth2/OIDC, GitHub, Trivy, Snyk
Infrastructure: AWS, Docker, Kubernetes (for supporting services), modern CI/CD
AI Tools: Cursor, Devin, GitHub Copilot, and modern agent frameworks where appropriate
Nice-to-Haves
Agentic Systems Experience
Experience designing or shipping agentic workflows using modern frameworks such as Agno, Vercel AI SDK, or similar (LangChain, LlamaIndex, etc.) for internal tools, customer-facing automation, or developer productivity.
Supabase DBA / Performance
Hands-on experience with database administration and performance tuning on Supabase/Postgres — connection pooling, query analysis, indexing strategy, partitioning, and capacity planning.
Experience in software supply chain security, SBOM analysis, or vulnerability intelligence.
Familiarity with observability tools (Honeycomb, Datadog, Prometheus).
Background in DevSecOps or secure CI/CD pipeline development.
Experience contributing to or leading product-focused engineering efforts in cybersecurity startups.
Your 90-Day Success Path
30 Days:
Ship small full-stack features in our Next.js + Supabase stack; learn our security and data architecture; demonstrate effective use of AI tools + agentic workflows in your day-to-day work.
60 Days:
Own and deliver secure, high-impact features end-to-end; contribute to schema and API design; help refine patterns for RLS, migrations, edge functions, and internal AI/agent tooling.
90 Days:
Lead new initiatives, drive improvements in performance and security posture, shape our full-stack and AI-native architecture, and mentor peers on Next.js, Supabase, and AI-accelerated development.
Why You’ll Love Working Here
Competitive Compensation: Salary + equity options.
Comprehensive Benefits: Fully covered medical, dental, and vision.
Flexible Time Off: Unlimited PTO plus generous parental leave.
Remote-First: Work from anywhere in Canada or the United States with a WFH stipend and flexible hours.
Mission-Driven Work: Your code directly contributes to protecting the connected world.
Built on two decades of cybersecurity experience, our team of experts understands the hidden risks in today’s enterprise networks, where IoT vulnerabilities are quickly becoming the entry point of choice for cyber attacks.
We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2017 in Columbus, Ohio.
Finite State has a transparent, collaborative and supportive culture - we are looking for people who have a growth mindset, are curious and innovative, and drive results. Our team is smart, but humble, hard working with lots of fun sprinkled in. Above all, our team is driven by our noble mission and we hold ourselves accountable to delivering to our customers every single day.
The Finite State platform brings visibility and control to the supply chains that create connected devices and embedded systems—all in a simple to use platform and at the scale manufacturers need to keep device production on time and on budget. After unpacking and analyzing every file, configuration, and setting in a firmware build, the platform generates a complete bill of materials for software components, identifies known and 0-day vulnerabilities, shows a contextual risk score, and provides actionable insights that product teams can use to secure their software
We are proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Finite State is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.
