Founding Full-Stack Engineer (Remote)

ManticoreAI. Backed by leading US cybersecurity investors. Remote. High-intensity.

We're an AI-native offensive security company, backed by well-known US cybersecurity investors, building what the security industry has talked about for a decade and never shipped. Pentesting today is slow, manual, and stale the day it's delivered. We rebuilt it from the ground up: AI agents that reason through vulnerabilities like an elite operator, prove what's actually exploitable instead of pattern-matching, and produce CREST-certified, audit-grade findings that Big 4 auditors accept for SOC 2, PCI DSS, and ISO 27001.

Then we close the loop no one else closes. We don't just find the exploit. We generate the virtual patch that blocks it and the code fix that removes it. Prove, protect, fix. That full loop is the breakthrough, and we have a five-year head start on the architecture behind it.

20 months of build. Production platform. Paying customers. This is a real shot at defining a category, not iterating on someone else's.

Read this first. This is not a balanced-lifestyle role. We move at startup pace because the window to win this market is now, not in three years. If you want predictable hours, weekends fully off, and a calm Slack, this isn't it. If you want to ship the fastest, deepest work of your career alongside people who care obsessively about what they build, keep reading.

What You'd Own

Our SaaS control plane is how customers interact with the whole platform:

• A mature Nuxt 4 / Vue 3 codebase — 100+ pages, hundreds of API routes, deep Supabase use
• Multi-tenant with RLS (including MSP / white-label mode)
• Stripe billing — subscriptions, credit packs, vouchers, invoices
• Trigger.dev async orchestration — assessment launches, report generation, email digests, ticketing sync, certificate management
• Integrations: Jira, ServiceNow, Slack, GitHub, GitLab, Bitbucket, Azure DevOps, IDE extensions, SSO

You'd also own a Go VPN client customers run on-prem for internal assessments. You won't be pushing huge Go features regularly — but you own the interface between it and the dashboard, and pick up Go work when it's needed.

You report directly to the founder as our founding full-stack engineer on the SaaS side. You set the direction for everything frontend+backend on the SaaS, you mentor the SaaS #2 hire when they join month 5-6, and you're the second voice in the room for cross-repo architectural decisions.

Who You Are

Must have:

• 6+ years shipping TypeScript + Vue or React in production
• Have owned a SaaS codebase end-to-end — not "worked on features," but "set the direction"
• Postgres + RLS is second nature. You can read a policy, tell me why it's slow, rewrite it correctly
• Built multi-tenant B2B SaaS with subscription billing at least once
• Strong async JS / Node server-side, Stripe (or comparable billing)

Nice to have:

• Nuxt 4 specifically (otherwise ~2 weeks to ramp from React)
• Cloudflare Workers experience
• Supabase (vs. roll-your-own Postgres)
• Go for the connector work (learnable if motivated)
• Trigger.dev or comparable background job systems
• Offensive security background or strong interest

Filters:

• You use AI tooling daily (Claude Code, Cursor, Copilot). Skeptics about AI in dev workflow won't enjoy this codebase.
• Strong written English (async-first team)
• You read docs and update them. Our codebase is heavily documented and we expect contributors to keep it that way. How you use the docs in the take-home tells us a lot.

Tech Stack

Nuxt 4 SPA (SSR-disabled) on Cloudflare Workers. Vue 3 + Pinia + Vue Query. Supabase Postgres with deep RLS. Trigger.dev for async. Stripe for billing. Sentry + Langfuse for observability. Vitest + Playwright + pgTAP for testing.

You'll also occasionally touch Go (the on-prem connector) and Python (cross-repo coordination with the scanner team).

What This Isn't

• A frontend-only role. You own server + DB + client.
• A ticket-taking role. You decide what ships next, and often why.
• An "AI engineer" role. Our AI agents live in the scanner side of the platform. You'll consume their outputs; you won't tune agent prompts.
• A balanced-lifestyle role. We work hard. Long days, customer escalations on weekends sometimes, ship-it-tonight when something's broken. If that drains you, this isn't a fit. If it energizes you, you'll thrive here.