Senior Full-Stack Engineer

We are an early-stage, founder-led company building a B2B SaaS platform on the Microsoft 365 and Azure ecosystem. We are bootstrapped, deliberately heads-down, and not discussing the product publicly yet. This posting is intentionally about the work and the stack — not the product. The architecture is fully documented and shared in detail after a mutual NDA. You will know exactly what you are building before you commit to anything. 01 · The opportunity This is a founding engineering seat on a platform that is already fully specified in writing — locked architecture documents, a phase map, and written definition-of-done criteria. You are not being asked to discover requirements or invent the system. You are being asked to execute a documented architecture precisely, with senior judgment, and to move fast. We are being straight about the stage: bootstrapped, pre-launch, founder-led, no outside funding. That is the deal, and for the right person it is the appeal — ground-floor ownership of a serious technical build, direct line to the founder, and no committee between you and shipped code. 02 · What you will work on In plain terms — the technical shape of the work, without the product specifics: • A multi-tenant TypeScript / NestJS backend on PostgreSQL 16, with strict schema-level tenant isolation. • Durable, retryable, auditable workflow orchestration on Temporal — long-running processes that must never silently fail. • Deep Microsoft Graph and Entra ID integration, plus a Microsoft Teams application as a primary surface. • Everything on Azure, defined as infrastructure-as-code (Bicep), with CI/CD on GitHub Actions and security tests gating every pull request. • An AI-assisted engineering workflow as the standard method — you steer AI tooling and own quality on the paths that matter. 03 · How we build — AI-assisted, human-steered We build with AI coding tools as a force multiplier. This is the method, not an experiment. We expect you to be the human in the loop — steering output, catching drift, and owning the security-critical and architecturally-significant code yourself. Layer In practice AI generates Boilerplate, CRUD, migrations, test scaffolding, repetitive structures, IaC definitions. You steer You set the context, review against the architecture docs, and accept or reject before merge. You own Security-critical paths, tenant-isolation logic, workflow design, and the identity integration model. We are not asking you to be an AI researcher. We are asking you to work the way the best engineers already work: use the tool, keep your judgment, ship working code faster. 04 · What you need Required — must be able to demonstrate Area Microsoft graph - this is the largest gap. We are seeing in the candidate pool. TypeScript / NestJS Production TypeScript, NestJS modular architecture, strict mode, service / repository pattern. PostgreSQL Multi-tenancy in production (schema-per-tenant, RLS, or separate databases — and the reasoning behind the choice). Migrations via Prisma or TypeORM. pgvector a plus. Microsoft Graph Graph API / Entra ID experience — user, group, and licence operations; admin consent; OAuth 2.0 / on-behalf-of; application-permission scoping. Closest equivalent considered if not Graph specifically. Durable workflows Temporal, or equivalent durable-execution / saga / orchestration experience (signals, compensation, retries). Azure + IaC Azure (Container Apps, PostgreSQL Flexible Server, Service Bus, Key Vault) defined as Bicep. No manual portal configuration. CI/CD GitHub Actions: auto-deploy to staging from main, integration and security tests on every PR. Security Zero secrets in code or env vars; secret-manager integration; RBAC enforced and tested; auth coverage in CI. AI-assisted workflow Competent, quality-controlled use of Claude / Copilot / Cursor. A hard requirement, not a nice-to-have. Strongly preferred • Microsoft Teams app development (Bot Framework SDK v4, Teams JS SDK, multi-tenant app registration). • Multi-tenant B2B SaaS experience. • Identity / zero-trust familiarity (PIM, least-privilege, just-in-time access). • Early-stage or founding-engineer experience — comfortable with ambiguity, documents decisions, raises blockers early.