Senior Full-Stack Software Engineer (Java + JavaScript)

Finite State partners with product security teams, the guardians of our connected world, to create transparency for their connected devices and supply chains. Our platform handles connected devices and embedded systems across all industries, including those found in enterprises, healthcare, utilities, connected vehicles, manufacturing facilities, critical infrastructure, and government entities. 

We are a fast-growing series-B company with a fully distributed workforce. Led by a team of seasoned experts, we are a mission-driven team passionate about arming our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. We are committed to a remote first culture.

Senior Full-Stack Software Engineer (Java + JavaScript)

Location: Canada & United States (Remote)

Why Finite State

Join a mission-driven team that’s securing the connected world. At Finite State, you’ll work alongside some of the brightest minds in cybersecurity and software supply chain analysis to uncover and mitigate vulnerabilities hidden in the firmware and software that power everything from cars to medical devices.

Your work will have a direct impact on protecting critical infrastructure and shaping the future of IoT and device security — all within a flexible, fully remote culture that values innovation, craftsmanship, and measurable impact.

The Role

We’re looking for a Senior Full-Stack Software Engineer with deep expertise in Java, JavaScript, and application security to design, build, and deliver the scalable, secure systems behind our cybersecurity platform.

This is a hands-on, product-focused role for an engineer who thrives at the intersection of secure software engineering and product innovation — someone who can design full-stack solutions, think strategically about risk and performance, and leverage AI development tools (Cursor, Devin, GitHub Copilot) to maximize velocity and quality.

You’ll work closely with product, design, and security researchers to create seamless, data-driven experiences that empower our customers to secure the software supply chain.

What You’ll Do

• Full-Stack Development: Build and maintain secure, scalable web applications using Java (Spring Boot, Quarkus) and Next.js/React.
  
  
• Application Security First: Embed security best practices into every layer of development — from secure coding and dependency management to data protection and authentication/authorization (Keycloak, Auth0).
  
  
• Product Collaboration: Work hand-in-hand with product managers and designers to translate customer pain points into impactful, intuitive features.
  
  
• AI-Accelerated Development: Leverage tools like Cursor, Devin, and GitHub Copilot to prototype, refactor, test, and deploy high-quality code efficiently.
  
  
• Architect & Scale: Design and optimize distributed systems, APIs (REST/GraphQL), and backend infrastructure for performance, reliability, and resilience.
  
  
• Data Expertise: Model and optimize relational data in PostgreSQL, ensuring consistency and scalability.
  
  
• Security-Integrated DevOps: Support automated testing, CI/CD pipelines, and vulnerability scanning throughout the development lifecycle.
  
  
• Mentorship & Collaboration: Provide guidance and thoughtful code reviews to peers, fostering a culture of quality and security.
  
  
• Continuous Learning: Stay ahead of trends in AI-assisted engineering, application security, and cybersecurity technologies.
  
  

What We’re Looking For

• Experienced Full-Stack Engineer: Proven track record building and deploying production-grade applications using Java (Spring Boot, Quarkus) and JavaScript (React, Next.js).
  
  
• Application Security Expertise: Deep understanding of secure coding practices, authentication/authorization (OAuth2, OIDC), dependency management, and vulnerability mitigation.
  
  
• Cybersecurity Awareness: Familiarity with common software supply chain risks, SBOMs, CVEs, and vulnerability scanning principles.
  
  
• Product Mindset: You think like a product owner — balancing technical excellence, user experience, and business value.
  
  
• AI-Native Developer: Skilled in using AI tools (Cursor, Devin, Copilot) to enhance productivity and code quality.
  
  
• Cloud & Containers: Experience with Docker, Kubernetes, and cloud providers (AWS, GCP, or Azure).
  
  
• Quality-Driven: Passionate about testing, CI/CD automation, and maintainable code.
  
  
• Collaborative: Excellent communication skills and experience working in cross-functional, remote teams.
  
  

Our Tech Stack

• Languages: Java, JavaScript, Python
• Frameworks: Quarkus, Spring Boot, Next.js, React
• Infrastructure: Docker, Kubernetes, PostgreSQL, Redis, ArangoDB
• Auth & Security Tools: Keycloak, Auth0, GitHub, Trivy, Snyk
• AI Tools: Cursor, Devin, GitHub Copilot

Nice-to-Haves

• Experience in software supply chain security, SBOM analysis, or vulnerability intelligence.
  
  
• Familiarity with observability tools (Honeycomb, Datadog, Prometheus).
  
  
• Background in DevSecOps or secure CI/CD pipeline development.
  
  
• Experience contributing to or leading product-focused engineering efforts in cybersecurity startups.
  
  

Your 90-Day Success Path

• 30 Days: Contributing full-stack features, learning our security architecture, and engaging with the team.
  
  
• 60 Days: Designing and implementing secure, high-impact features with product alignment.
  
  
• 90 Days: Leading new initiatives, improving security posture, and mentoring peers.
  
  

Why You’ll Love Working Here

• Competitive Compensation: Salary + equity options.
  
  
• Comprehensive Benefits: Fully covered medical, dental, and vision.
  
  
• Flexible Time Off: Unlimited PTO plus generous parental leave.
  
  
• Remote-First: Work from anywhere in Canada with a WFH stipend and flexible hours.
  
  
• Mission-Driven Work: Your code directly contributes to protecting the connected world.
  
  

About Us

Built on two decades of cybersecurity experience, our team of experts understands the hidden risks in today’s enterprise networks, where IoT vulnerabilities are quickly becoming the entry point of choice for cyber attacks.

We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2017 in Columbus, Ohio.

Finite State has a transparent, collaborative and supportive culture - we are looking for people who have a growth mindset, are curious and innovative, and drive results. Our team is smart, but humble, hard working with lots of fun sprinkled in. Above all, our team is driven by our noble mission and we hold ourselves accountable to delivering to our customers every single day.

The Finite State platform brings visibility and control to the supply chains that create connected devices and embedded systems—all in a simple to use platform and at the scale manufacturers need to keep device production on time and on budget. After unpacking and analyzing every file, configuration, and setting in a firmware build, the platform generates a complete bill of materials for software components, identifies known and 0-day vulnerabilities, shows a contextual risk score, and provides actionable insights that product teams can use to secure their software

We are proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Finite State is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.