Senior Full-Stack Software Engineer (Java + JavaScript)

Senior Full-Stack Software Engineer (Java + JavaScript)

Location: Canada & United States (Remote)

Why Finite State

Join a mission-driven team that’s securing the connected world. At Finite State, you’ll work alongside some of the brightest minds in cybersecurity and software supply chain analysis to uncover and mitigate vulnerabilities hidden in the firmware and software that power everything from cars to medical devices.

Your work will have a direct impact on protecting critical infrastructure and shaping the future of IoT and device security — all within a flexible, fully remote culture that values innovation, craftsmanship, and measurable impact.

The Role

We’re looking for a Senior Full-Stack Software Engineer with deep expertise in Java, JavaScript, and application security to design, build, and deliver the scalable, secure systems behind our cybersecurity platform.

This is a hands-on, product-focused role for an engineer who thrives at the intersection of secure software engineering and product innovation — someone who can design full-stack solutions, think strategically about risk and performance, and leverage AI development tools (Cursor, Devin, GitHub Copilot) to maximize velocity and quality.

You’ll work closely with product, design, and security researchers to create seamless, data-driven experiences that empower our customers to secure the software supply chain.

What You’ll Do

• Full-Stack Development: Build and maintain secure, scalable web applications using Java (Spring Boot, Quarkus) and Next.js/React.

• Application Security First: Embed security best practices into every layer of development — from secure coding and dependency management to data protection and authentication/authorization (Keycloak, Auth0).

• Product Collaboration: Work hand-in-hand with product managers and designers to translate customer pain points into impactful, intuitive features.

• AI-Accelerated Development: Leverage tools like Cursor, Devin, and GitHub Copilot to prototype, refactor, test, and deploy high-quality code efficiently.

• Architect & Scale: Design and optimize distributed systems, APIs (REST/GraphQL), and backend infrastructure for performance, reliability, and resilience.

• Data Expertise: Model and optimize relational data in PostgreSQL, ensuring consistency and scalability.

• Security-Integrated DevOps: Support automated testing, CI/CD pipelines, and vulnerability scanning throughout the development lifecycle.

• Mentorship & Collaboration: Provide guidance and thoughtful code reviews to peers, fostering a culture of quality and security.

• Continuous Learning: Stay ahead of trends in AI-assisted engineering, application security, and cybersecurity technologies.

What We’re Looking For

• Experienced Full-Stack Engineer: Proven track record building and deploying production-grade applications using Java (Spring Boot, Quarkus) and JavaScript (React, Next.js).

• Application Security Expertise: Deep understanding of secure coding practices, authentication/authorization (OAuth2, OIDC), dependency management, and vulnerability mitigation.

• Cybersecurity Awareness: Familiarity with common software supply chain risks, SBOMs, CVEs, and vulnerability scanning principles.

• Product Mindset: You think like a product owner — balancing technical excellence, user experience, and business value.

• AI-Native Developer: Skilled in using AI tools (Cursor, Devin, Copilot) to enhance productivity and code quality.

• Cloud & Containers: Experience with Docker, Kubernetes, and cloud providers (AWS, GCP, or Azure).

• Quality-Driven: Passionate about testing, CI/CD automation, and maintainable code.

• Collaborative: Excellent communication skills and experience working in cross-functional, remote teams.

Our Tech Stack

• Languages: Java, JavaScript, Python

• Frameworks: Quarkus, Spring Boot, Next.js, React

• Infrastructure: Docker, Kubernetes, PostgreSQL, Redis, ArangoDB

• Auth & Security Tools: Keycloak, Auth0, GitHub, Trivy, Snyk

• AI Tools: Cursor, Devin, GitHub Copilot

Nice-to-Haves

• Experience in software supply chain security, SBOM analysis, or vulnerability intelligence.

• Familiarity with observability tools (Honeycomb, Datadog, Prometheus).

• Background in DevSecOps or secure CI/CD pipeline development.

• Experience contributing to or leading product-focused engineering efforts in cybersecurity startups.

Your 90-Day Success Path

• 30 Days: Contributing full-stack features, learning our security architecture, and engaging with the team.

• 60 Days: Designing and implementing secure, high-impact features with product alignment.

• 90 Days: Leading new initiatives, improving security posture, and mentoring peers.

Why You’ll Love Working Here

• Competitive Compensation: Salary + equity options.

• Comprehensive Benefits: Fully covered medical, dental, and vision.

• Flexible Time Off: Unlimited PTO plus generous parental leave.

• Remote-First: Work from anywhere in Canada with a WFH stipend and flexible hours.

• Mission-Driven Work: Your code directly contributes to protecting the connected world.