Job Description
Senior Backend Engineer
Full-time · Contract-to-Hire · Remote · US strongly preferred
Level: Mid-to-Senior — 5-7 years, depth over breadth
Industry: Health tech
Start: Immediate
Approach: AI-forward, non-negotiable
THE OPPORTUNITY
You're joining at the ground floor of a category-defining moment.
1 in 8 American adults has now taken peptides — and it's going mainstream fast. CollectiveOS is the Thrive Market for peptides: a platform offering access to clinician-guided, medical-grade peptide protocols at 50% below retail pricing, sourced from licensed US pharmacies.
Built by a team that has helped build three unicorns, including Thrive Market and Function Health.
This is a regulated platform operating across 30 states with real obligations to real patients. Users trust us with health information, payment data, and clinical relationships. The backend has to be bulletproof — not because of theoretical risk, but because of those real obligations. This role is the person who makes sure that's true, and who builds the things on top of it.
COMPENSATION & TIMELINE
STRUCTURE: Paid trial to start.
Competitive cash compensation from day one. Contract-to-hire is the fastest way to find the right long-term fit and lets you see us up close.
UPSIDE: Ground-floor equity.
Real equity in a funded D2C peptide startup, riding a category curve that's about to go vertical. The team has helped build three unicorns. You'd be early.
TIMELINE: Immediate start.
We are moving fast. The right person can start within weeks. We will not draw out the process for the sake of process.
THE ROLE
AI-forward — uses AI to multiply leverage, not to skip thinking
This is a backend-primary role with real range. You own the API, the data model, the integration layer, the AWS infrastructure, and the security posture. You also own the API integration with the front-end — the contracts, the testing infrastructure, the connective code that keeps both sides honest. When the mobile app comes, you own the API layer it talks to.
Architecturally: NestJS modular monolith on ECS Fargate, RDS PostgreSQL with KMS-backed encryption, ElastiCache Redis for rate limiting, S3 + KMS for document storage, self-built auth (bcrypt + JWT with refresh rotation + TOTP MFA + RBAC), immutable audit log schema with INSERT-only application access, shared Zod schemas in a Turborepo monorepo.
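As an added illustration of the "refresh rotation" piece of the auth stack above (example code, not CollectiveOS's own implementation): refresh tokens are opaque random strings stored only as keyed hashes, each login starts a token family, every refresh replaces the token within that family, and presenting an already-used token revokes the whole family. The store, the clock injection and the secret are assumptions for the example; a real service would back the Map with a database table.

```typescript
// Added example (not CollectiveOS code): refresh-token rotation with reuse detection.
import { createHmac, randomBytes } from "node:crypto";

interface RefreshRecord {
  userId: string;
  familyId: string;
  expiresAt: number; // ms since epoch, from the injected clock
  usedAt?: number;   // set on the first successful rotation
}

interface RotateResult {
  ok: boolean;
  reason: "rotated" | "unknown" | "family-revoked" | "reuse-detected" | "expired";
  token?: string;  // replacement refresh token when ok
  userId?: string;
}

class RefreshTokenStore {
  private readonly records = new Map<string, RefreshRecord>(); // key: HMAC(token)
  private readonly revokedFamilies = new Set<string>();

  constructor(
    private readonly secret: Buffer,
    private readonly ttlMs: number,
    private readonly now: () => number = Date.now, // injectable clock for tests
  ) {}

  // Store only a keyed hash so a database read does not yield usable tokens.
  private key(token: string): string {
    return createHmac("sha256", this.secret).update(token).digest("hex");
  }

  // Called at login to start a new family; reused internally on rotation.
  issue(userId: string, familyId: string = randomBytes(16).toString("hex")): { token: string; familyId: string } {
    const token = randomBytes(32).toString("base64url");
    this.records.set(this.key(token), { userId, familyId, expiresAt: this.now() + this.ttlMs });
    return { token, familyId };
  }

  rotate(token: string): RotateResult {
    const rec = this.records.get(this.key(token));
    if (!rec) return { ok: false, reason: "unknown" };
    if (this.revokedFamilies.has(rec.familyId)) return { ok: false, reason: "family-revoked" };
    if (rec.usedAt !== undefined) {
      // A used token came back: either the client replayed it or someone stole it.
      // Either way no token in this family can be trusted, so revoke all of them.
      this.revokedFamilies.add(rec.familyId);
      return { ok: false, reason: "reuse-detected" };
    }
    if (rec.expiresAt <= this.now()) return { ok: false, reason: "expired" };
    rec.usedAt = this.now();
    const next = this.issue(rec.userId, rec.familyId);
    return { ok: true, reason: "rotated", token: next.token, userId: rec.userId };
  }

  // Explicit logout: kill the family so any outstanding token in it is dead.
  revokeFamily(familyId: string): void {
    this.revokedFamilies.add(familyId);
  }
}

// Walk-through with a fixed clock; returns the sequence of outcomes.
function demo(): string[] {
  let clock = 1_000;
  const store = new RefreshTokenStore(Buffer.from("example-secret"), 60_000, () => clock);
  const out: string[] = [];
  const first = store.issue("user-42");
  const r1 = store.rotate(first.token);        // legitimate refresh
  out.push(r1.reason);
  out.push(store.rotate(first.token).reason);  // replay of the old token
  out.push(store.rotate(r1.token!).reason);    // the replacement is dead as well
  const second = store.issue("user-42");       // fresh login, new family
  clock += 60_000;
  out.push(store.rotate(second.token).reason); // past ttl
  out.push(store.rotate("not-a-token").reason);
  return out;
}
```

The point of the family is the third outcome: once reuse is seen, the legitimately issued replacement is revoked too, because the server cannot tell which of the two presenters is the real client. Pair this with a short-lived access JWT so a stolen access token expires on its own.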
Test layers: Jest (unit, integration, smoke, regression), Playwright E2E across desktop and mobile viewports, Chromatic for visual regression. CloudWatch alarms with auto-rollback on error rate and latency thresholds. CloudTrail for infra-level access, custom audit middleware for app-level PHI access. PHI-tagged fields enforced by ESLint rule.
The architecture is in place. What we need is a backend owner who can harden it, evolve it, and own it under any kind of scrutiny.
NestJS · TypeScript · PostgreSQL · Zod · Turborepo · AWS (ECS Fargate, RDS, KMS, S3, ElastiCache, CloudTrail, Secrets Manager) · GitHub Actions · Jest · Playwright · Chromatic
A NOTE ON SCOPE AND SELF-DIRECTION
This is a startup. Roles collapse. Lanes blur. We're hiring for a core skill set — backend, infrastructure, security — but the right person doesn't wait to be assigned work. When the core responsibilities are humming, they look sideways: what's not getting done, what's broken at the edges, what would unblock the rest of the team. We don't want someone who needs perfectly-sized tickets handed to them. We want someone who finds the next problem before we know it's a problem.
CORE RESPONSIBILITIES
Backend architecture and ownership · Owns
Owns the NestJS API and the PostgreSQL data model end-to-end: order processing, user lifecycle, clinician encounter workflow, prescription state machine, payment processing integration, audit trail. Sets architectural direction, reviews PRs, and is accountable for the system holding up under real production load.
NestJS module structure · PostgreSQL data modeling at production scale · shared Zod schemas across services · query plan reading · indexing strategy
Infrastructure and DevOps · Owns
Owns the AWS production environment end-to-end: ECS Fargate services, RDS, S3, KMS, CloudTrail, Secrets Manager, IAM. Owns the GitHub Actions CI/CD pipeline, deployment workflow, monitoring and alerting setup, and on-call posture. We are a small team — there is no separate DevOps function.
The same person who writes the API also owns the infrastructure it runs on. Comfortable in IaC, container orchestration at our scale, and the cost dynamics of running a regulated workload on AWS.
ECS Fargate · IaC · CloudWatch alarms with auto-rollback thresholds · ECR image scanning · auto-scaling · cost dynamics of regulated AWS workloads · on-call posture
Security and audit posture · Owns
Owns the security posture of the platform. CollectiveOS handles sensitive health and personal data across 30 states. The bar is to operate like a regulated entity even where the regulation is voluntary — protected data treated as protected, audit trails treated as evidence, every architectural decision defensible under scrutiny.
Encryption at rest and in transit · IAM least-privilege · immutable audit log (INSERT-only application access) · BAA review with legal · ESLint PHI tag enforcement · threat modeling · breach response
Integrations and data flow · Owns
Owns the API and webhook plumbing for every external vendor the platform talks to: pharmacy fulfillment, payment processing, identity verification, user messaging through Customer.io, product analytics through PostHog, consent governance through Ours Privacy. This role owns the integration code — firing events, receiving webhooks, handling retries, enforcing contracts. Each integration has its own contract, retry semantics, failure modes, and sensitive-data exposure profile. Vendor adapter interfaces are written and approved before any concrete implementation — swapping must be contained to one module. Treats every integration as an attack surface and a reliability risk simultaneously.
Vendor adapter interfaces · webhook idempotency · retry and backoff · circuit breakers · BAA verification · CIT/MIT semantics · tokenized card capture
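As an added example of the two halves of a vendor integration described above (example code, not CollectiveOS's own integration layer): on the inbound side, verify the vendor's HMAC signature over the raw body and process each event id at most once, so a vendor retry is acknowledged without re-applying the side effect; on the outbound side, retry a failing vendor call with capped exponential backoff and jitter. The in-memory dedup Map, the `sleep` and `random` injection, the event shape and the secret are assumptions for the example; a real service would use a database table with a unique key on the event id and a queue for delayed retries.

```typescript
// Added example (not CollectiveOS code): webhook signature check, idempotent receive, retry with backoff.
import { createHmac, timingSafeEqual } from "node:crypto";

// ---------- inbound: verify, then process each event at most once ----------
interface WebhookEvent { id: string; type: string; data: Record<string, unknown> }

// HMAC-SHA256 over the raw body (never the re-serialized JSON), constant-time compare.
function verifySignature(rawBody: string, headerSig: string, secret: string): boolean {
  const expected = Buffer.from(createHmac("sha256", secret).update(rawBody).digest("hex"));
  const given = Buffer.from(headerSig);
  return expected.length === given.length && timingSafeEqual(expected, given);
}

class IdempotentReceiver {
  // Stand-in for a DB table with a unique constraint on the vendor's event id.
  private readonly seen = new Map<string, "in-progress" | "done">();
  readonly applied: string[] = []; // side effects actually performed

  constructor(private readonly secret: string) {}

  receive(rawBody: string, headerSig: string): "rejected" | "duplicate" | "processed" {
    if (!verifySignature(rawBody, headerSig, this.secret)) return "rejected";
    const event = JSON.parse(rawBody) as WebhookEvent;
    if (this.seen.has(event.id)) return "duplicate"; // vendor retried; ack without re-applying
    this.seen.set(event.id, "in-progress");
    try {
      this.applied.push(`${event.type}:${event.id}`); // the real work, e.g. mark the order shipped
      this.seen.set(event.id, "done");
      return "processed";
    } catch (err) {
      this.seen.delete(event.id); // let the vendor's next retry try again
      throw err;
    }
  }
}

// ---------- outbound: retry with capped exponential backoff and jitter ----------
interface RetryOptions {
  attempts: number;
  baseMs: number;
  maxMs: number;
  sleep: (ms: number) => void; // injected so the example runs without real delays
  random?: () => number;       // injected for determinism; Math.random in production
}

function backoffMs(attempt: number, o: RetryOptions): number {
  const exp = Math.min(o.maxMs, o.baseMs * 2 ** (attempt - 1));
  const r = (o.random ?? Math.random)();
  return Math.floor(exp / 2 + (exp / 2) * r); // "equal jitter": somewhere between exp/2 and exp
}

function retry<T>(fn: (attempt: number) => T, o: RetryOptions): T {
  let lastErr: unknown;
  for (let attempt = 1; attempt <= o.attempts; attempt++) {
    try {
      return fn(attempt);
    } catch (err) {
      lastErr = err;
      if (attempt === o.attempts) break;
      o.sleep(backoffMs(attempt, o));
    }
  }
  throw lastErr;
}

// Walk-through on constructed input.
function demo(): { inbound: string[]; applied: number; delays: number[]; attemptsUsed: number } {
  const secret = "whsec_example"; // constructed; the vendor issues the real one
  const body = JSON.stringify({ id: "evt_001", type: "shipment.delivered", data: { orderId: "ord_9" } });
  const sig = createHmac("sha256", secret).update(body).digest("hex");
  const rx = new IdempotentReceiver(secret);
  const inbound = [
    rx.receive(body, sig),                               // processed
    rx.receive(body, sig),                               // duplicate delivery
    rx.receive(body.replace("ord_9", "ord_1"), sig),     // tampered body, signature no longer matches
  ];
  const delays: number[] = [];
  const attemptsUsed = retry(
    (attempt) => { if (attempt < 3) throw new Error("503 from vendor"); return attempt; },
    { attempts: 5, baseMs: 100, maxMs: 2_000, sleep: (ms) => delays.push(ms), random: () => 0.5 },
  );
  return { inbound, applied: rx.applied.length, delays, attemptsUsed };
}
```

Two details worth keeping when this moves to a real service: the signature must be computed over the raw request bytes (NestJS needs raw-body access enabled for that route), and the "in-progress" marker matters because a vendor can redeliver while the first delivery is still being handled; in a database that is the unique-key insert done before the side effect, not after.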
API integration and testing infrastructure · Owns
Owns the API integration layer between the user-facing surface and the data layer. When the front-end function ships a new screen, you wire it to the right API, you make sure the contract holds, you write the integration tests that catch the next regression. Owns the testing infrastructure end-to-end — unit, integration, smoke, regression. Not doing the front-end design or styling work, but owning the API integration so neither side breaks the other.
Jest coverage thresholds (80/80/80) · Playwright E2E across desktop and mobile viewports · Chromatic visual regression on PRs · post-deploy smoke with auto-rollback · regression test library · CI test infrastructure
AI infrastructure and developer leverage · Owns
Owns the AI-assisted build pipeline for backend work. Refines the review skills that adversarial agents run on every PR. The bar is leverage: one engineer doing the work of three, not one engineer making three engineers' worth of mistakes. Tool of choice is yours.
Multi-model adversarial review · skill authoring · custom ESLint guardrails · machine-readable approval gates · AI-output verification
Cross-functional contribution · Contributes
Works with the front-end function on API contracts and shared schemas. Works with marketing on event instrumentation that respects data governance constraints. Works with legal counsel on technical-legal questions. Fluent across the surface area without owning anything outside the lane.
Shared schema design across web and API · HIPAA-safe event allowlists for ad platforms · legal-technical translation
ON THE HORIZON
CollectiveOS is shipping web first. A native mobile app is on the roadmap. When that build kicks off, this role owns the API layer the app talks to — auth, offline sync, push notifications. Not a near-term distraction, but worth knowing it's coming.
HOW SUCCESS IS MEASURED
Zero security incidents — no breaches, no near-misses, no "oh god we shipped that" moments
Audit-ready at all times — if an audit landed tomorrow, we pass without scramble
Integration uptime — pharmacy, payments, identity, and messaging all hold up under real load
Frontend-backend latency — design ships, integration ships, neither blocks the other
AI-leverage velocity — ships at startup speed without sacrificing quality or compliance
Cost discipline — infrastructure, AI tooling, and vendor costs scale with revenue, not ahead of it
MUST-HAVE QUALITIES
Background and credibility
- 5-7 years backend engineering experience, including at least one tour in a regulated environment (PCI, SOC 2, fintech, healthcare, or similar)
- Hands-on AWS production experience — has owned infrastructure end-to-end, not just consumed it. IAM, VPC, KMS, RDS, S3, ECS or equivalent container orchestration are vocabulary, not buzzwords
- Comfortable being the named person on architecture decisions — can hold their position under technical scrutiny
- Has shipped systems handling regulated health or financial data in production, or has done equivalent work in a comparable regulatory environment and can map the patterns
Technical depth
- NestJS or comparable opinionated TypeScript framework — Spring Boot, Django, Rails count if the patterns transfer
- PostgreSQL data modeling at production scale — partitioning, indexing strategy, query plan reading
- API design — REST, webhooks, idempotency, retry semantics, vendor integration patterns
- Security depth — encryption tradeoffs, IAM design, audit logging, threat modeling
- CI/CD and deployment automation — GitHub Actions or equivalent. Has owned a deployment pipeline, not just shipped to one
- Testing infrastructure ownership — unit, integration, smoke, regression. Not a tester. An engineer who builds the testing layer that lets the rest of the team move fast
Mindset
- AI-first coder — uses AI agents (Cursor, Claude Code, equivalents) to write code. Has opinions on what AI tooling does well versus poorly. Excited about AI infrastructure as a domain to own, not threatened by it. Tool of choice doesn't matter; fluency does
- Pragmatic over dogmatic — best practice is a starting point, not a prison
- Direct and async-friendly — fits a small team where everyone has skin in the game
- Excited about peptides, longevity, and consumer health — or fast to get there
Logistics
- US-based strongly preferred. Exceptional non-US candidates considered with appropriate technical access controls in place
- US business hours required regardless of location
If this sounds like the right fit, we'd love to hear from you. We're looking for someone who has done the regulated-environment work before, embraces AI as a force multiplier, and wants to be the named architect on a system that real patients depend on — built by a team that has done it before.