**Senior Backend Engineer**
Full-time · Contract-to-Hire · Remote · US strongly preferred
**Level:** Mid-to-Senior — 5-7 years, depth over breadth
**Industry:** Health tech
**Start:** Immediate
* _Approach: *_ AI-forward, non negotiable
**THE OPPORTUNITY**
You're joining at the ground floor of a category-defining moment.
1 in 8 American adults have now taken peptides — and it's going mainstream
fast. CollectiveOS is the Thrive Market for peptides: a platform offering
access to clinician-guided, medical grade peptide protocols at 50% below
retail pricing, sourced from licensed US pharmacies.
Built by a team that has helped build three unicorns, including Thrive Market
and Function Health.
This is a regulated platform operating across 30 states with real obligations
to real patients. Users trust us with health information, payment data, and
clinical relationships. The backend has to be bulletproof — not because of
theoretical risk, but because of those real obligations. This role is the
person who makes sure that's true, and who builds the things on top of it.
**COMPENSATION & TIMELINE**
**STRUCTURE:** Paid trial to start.
Competitive cash compensation from day one. Contract-to-hire — fastest way to
find the right long-term fit and let you see us up close.
**UPSIDE:** Ground-floor equity.
Real equity in a funded D2C peptide startup, riding a category curve that's
about to go vertical. The team has helped build three unicorns. You'd be
early.
**TIMELINE:** Immediate start.
We are moving fast. The right person can start within weeks. We will not draw
out the process for the sake of process.
**THE ROLE**
AI-forward — uses AI to multiply leverage, not to skip thinking
This is a backend-primary role with real range. You own the API, the data
model, the integration layer, the AWS infrastructure, and the security
posture. You also own the API integration with the front-end — the contracts,
the testing infrastructure, the connective code that keeps both sides honest.
When the mobile app comes, you own the API layer it talks to.
Architecturally: NestJS modular monolith on ECS Fargate, RDS PostgreSQL with
KMS-backed encryption, ElastiCache Redis for rate limiting, S3 + KMS for
document storage, self-built auth (bcrypt + JWT with refresh rotation + TOTP
MFA + RBAC), immutable audit log schema with INSERT-only application access,
shared Zod schemas in a Turborepo monorepo.
Test layers: Jest (unit, integration, smoke, regression), Playwright E2E
across desktop and mobile viewports, Chromatic for visual regression.
CloudWatch alarms with auto-rollback on error rate and latency thresholds.
CloudTrail for infra-level access, custom audit middleware for app-level PHI
access. PHI-tagged fields enforced by ESLint rule. The architecture is in
place. What we need is a backend owner who can harden it, evolve it, and own
it under any kind of scrutiny.
_NestJS · TypeScript · PostgreSQL · Zod · Turborepo · AWS (ECS Fargate, RDS,
KMS, S3, ElastiCache, CloudTrail, Secrets Manager) · GitHub Actions · Jest ·
Playwright · Chromatic_
**A NOTE ON SCOPE AND SELF-DIRECTION**
This is a startup. Roles collapse. Lanes blur. We're hiring for a core skill
set — backend, infrastructure, security — but the right person doesn't wait to
be assigned work. When the core responsibilities are humming, they look
sideways: what's not getting done, what's broken at the edges, what would
unblock the rest of the team. We don't want someone who needs perfectly-sized
tickets handed to them. We want someone who finds the next problem before we
know it's a problem.
**CORE RESPONSIBILITIES**
**Backend architecture and ownership · Owns**
Owns the NestJS API and the PostgreSQL data model end-to-end: order
processing, user lifecycle, clinician encounter workflow, prescription state
machine, payment processing integration, audit trail. Sets architectural
direction, reviews PRs, and is accountable for the system holding up under
real production load.
_NestJS module structure · PostgreSQL data modeling at production scale ·
shared Zod schemas across services · query plan reading · indexing strategy_
**Infrastructure and DevOps · Owns**
Owns the AWS production environment end-to-end: ECS Fargate services, RDS, S3,
KMS, CloudTrail, Secrets Manager, IAM. Owns the GitHub Actions CI/CD pipeline,
deployment workflow, monitoring and alerting setup, and on-call posture. We
are a small team — there is no separate DevOps function. The same person who
writes the API also owns the infrastructure it runs on. Comfortable in IaC,
container orchestration at our scale, and the cost dynamics of running a
regulated workload on AWS.
_ECS Fargate · IaC · CloudWatch alarms with auto-rollback thresholds · ECR
image scanning · auto-scaling · cost dynamics of regulated AWS workloads · on-
call posture_
**Security and audit posture · Owns**
Owns the security posture of the platform. Collective handles sensitive health
and personal data across 30 states. The bar is to operate like a regulated
entity even where the regulation is voluntary — protected data treated as
protected, audit trails treated as evidence, every architectural decision
defensible under scrutiny.
_Encryption at rest and in transit · IAM least-privilege · immutable audit log
(INSERT-only application access) · BAA review with legal · ESLint PHI tag
enforcement · threat modeling · breach response_
**Integrations and data flow · Owns**
Owns the API and webhook plumbing for every external vendor the platform talks
to: pharmacy fulfillment, payment processing, identity verification, user
messaging through Customer.io, product analytics through PostHog, consent
governance through Ours Privacy. This role owns the integration code — firing
events, receiving webhooks, handling retries, enforcing contracts. Each
integration has its own contract, retry semantics, failure modes, and
sensitive-data exposure profile. Vendor adapter interfaces are written and
approved before any concrete implementation — swapping must be contained to
one module. Treats every integration as an attack surface and a reliability
risk simultaneously.
_Vendor adapter interfaces · webhook idempotency · retry and backoff · circuit
breakers · BAA verification · CIT/MIT semantics · tokenized card capture_
**API integration and testing infrastructure · Owns**
Owns the API integration layer between the user-facing surface and the data
layer. When the front-end function ships a new screen, you wire it to the
right API, you make sure the contract holds, you write the integration tests
that catch the next regression. Owns the testing infrastructure end-to-end —
unit, integration, smoke, regression. Not doing the front-end design or
styling work, but owning the API integration so neither side breaks the other.
_Jest coverage thresholds (80/80/80) · Playwright E2E across desktop and
mobile viewports · Chromatic visual regression on PRs · post-deploy smoke with
auto-rollback · regression test library · CI test infrastructure_
**AI infrastructure and developer leverage · Owns**
Owns the AI-assisted build pipeline for backend work. Refines the review
skills that adversarial agents run on every PR. The bar is leverage: one
engineer doing the work of three, not one engineer making three engineers'
worth of mistakes. Tool of choice is yours.
_Multi-model adversarial review · skill authoring · custom ESLint guardrails ·
machine-readable approval gates · AI-output verification_
**Cross-functional contribution · Contributes**
Works with the front-end function on API contracts and shared schemas. Works
with marketing on event instrumentation that respects data governance
constraints. Works with legal counsel on technical-legal questions. Fluent
across the surface area without owning anything outside the lane.
_Shared schema design across web and API · HIPAA-safe event allowlists for ad
platforms · legal-technical translation_
**ON THE HORIZON**
Collective is shipping web first. A native mobile app is on the roadmap. When
that build kicks off, this role owns the API layer the app talks to — auth,
offline sync, push notifications. Not a near-term distraction, but worth
knowing it's coming.
**HOW SUCCESS IS MEASURED**
* Zero security incidents — no breaches, no near-misses, no "oh god we shipped that" moments
* Audit-ready at all times — if an audit landed tomorrow, we pass without scramble
* Integration uptime — pharmacy, payments, identity, and messaging all hold up under real load
* Frontend-backend latency — design ships, integration ships, neither blocks the other
* AI-leverage velocity — ships at startup speed without sacrificing quality or compliance
* Cost discipline — infrastructure, AI tooling, and vendor costs scale with revenue, not ahead of it
**MUST-HAVE QUALITIES**
**Background and credibility**
* 5-7 years backend engineering experience, including at least one tour in a regulated environment (PCI, SOC 2, fintech, healthcare, or similar)
* Hands-on AWS production experience — has owned infrastructure end-to-end, not just consumed it. IAM, VPC, KMS, RDS, S3, ECS or equivalent container orchestration are vocabulary, not buzzwords
* Comfortable being the named person on architecture decisions — can hold their position under technical scrutiny
* Has shipped systems handling regulated health or financial data in production, or has done equivalent work in a comparable regulatory environment and can map the patterns
**Technical depth**
* NestJS or comparable opinionated TypeScript framework — Spring Boot, Django, Rails count if the patterns transfer
* PostgreSQL data modeling at production scale — partitioning, indexing strategy, query plan reading
* API design — REST, webhooks, idempotency, retry semantics, vendor integration patterns Security depth — encryption tradeoffs, IAM design, audit logging, threat modeling
* CI/CD and deployment automation — GitHub Actions or equivalent. Has owned a deployment pipeline, not just shipped to one
* Testing infrastructure ownership — unit, integration, smoke, regression. Not a tester. An engineer who builds the testing layer that lets the rest of the team move fast
**Mindset**
* AI-first coder — uses AI agents (Cursor, Claude Code, equivalents) to write code. Has opinions on what AI tooling does well versus poorly. Excited about AI infrastructure as a domain to own, not threatened by it. Tool of choice doesn't matter; fluency does •
* Pragmatic over dogmatic — best practice is a starting point, not a prison
* Direct and async-friendly — fits a small team where everyone has skin in the game
* Excited about peptides, longevity, and consumer health — or fast to get there
**Logistics**
* US-based strongly preferred. Exceptional non-US candidates considered with appropriate technical access controls in place
* US business hours required regardless of location
If this sounds like the right fit, we'd love to hear from you. We're looking
for someone who has done the regulated-environment work before, embraces AI as
a force multiplier, and wants to be the named architect on a system that real
patients depend on — built by a team that has done it before.