Key skills
PythonTypeScriptNode.jsRustOAuth 2.0OIDCAPI key vendingSecret rotationCredential managementAWS LambdaAWS API GatewayAWS DynamoDBAWS S3AWS IAMAWS KMSServerless securityAgent frameworksAgent orchestrationOpenTelemetryWebhook handlingPaginationRate limitingRetry semanticsProduction system developmentPlatform engineeringInternal developer platformsEnterprise integrationAI toolingSecurity scopingMalicious dependency scanningDeveloper Experience (DevX)AILLMClaudeAgenticAnalyticsAWSServerlessCloudFormationAWS CDKLambdaS3DynamoDBIAMAPI GatewayOAuthSaaSCRMOWASP
About this role
Extend is revolutionizing the post-purchase experience for retailers and their customers by providing AI-driven solutions. The Senior AI Software Engineer will be responsible for building secure coding tools for non-engineering roles and enhancing the company's AI platform to ensure reliability and security.
Responsibilities:
- Design and ship secure MCP (Model Context Protocol) connectors to Extend's internal systems and the third-party SaaS we run on: finance, CRM, data warehouse, expense management, product analytics, support, ATS, and the long tail beyond
- Build and curate the shared library of agent skills that every team at Extend composes from. Ship skills, codify patterns, and raise the floor for what a safe, high-quality skill looks like
- Extend our agent infrastructure. Build the tooling that lets non-engineers create reusable agent skills securely and reliably. Encode the review and publishing model for shared tooling, shared runtimes, and the feedback loop on agent behavior in production. Fill the open phases of the lifecycle that governs how skills are designed, reviewed, and shipped, so non-engineers can build and ship intelligent automation end to end
- Build toward a connector-building agent: a meta-agent that discovers APIs, scaffolds MCP servers, and provisions access automatically. The end state is a platform that is itself an agent
- Work with our platform teams to establish the credential scoping, OpenTelemetry instrumentation, and least-privilege patterns that every connector and skill ships with, so security is built in from day one
- Own the employee experience for the agentic platform. Help onboard employees to the tools with self-serve guides, build skills people can learn from, and run the feedback loop between what's shipped and what adopters actually need. Your job isn't done when the connector ships. It's done when the team using it is self-sufficient
- Design credential scoping and vending for agent connectors: how API keys are provisioned, rotated, and scoped per user, per skill, per connector. OAuth/OIDC where it fits, least-privilege everywhere
- Build the risk-tier and review model for shared agent skills: what's safe at personal, team, and org level; sandboxing strategy; malicious dependency scanning for skills that pull in untrusted packages
- Instrument the agent platform end-to-end with OpenTelemetry: every MCP call, every skill execution, every credential use is visible in Coralogix
Requirements:
- Five or more years of experience shipping production systems
- Proficient in at least one of Python, TypeScript/Node, or Rust
- Experience building developer tooling, platforms, SDKs, or internal frameworks
- Ability to build real third-party integrations including OAuth flows, credential scoping, webhook handling, pagination, rate limiting, and retry semantics
- Comfortable on AWS, specifically with Lambda, API Gateway, DynamoDB, S3, and a managed agent runtime
- Experience making complex systems usable by non-experts
- Direct experience with AI tooling, specifically Claude Code, MCP, or another agent framework
- Familiarity with using different agent harnesses/orchestrators for complex coding tasks
- Experience with production credential management including OAuth 2.0/OIDC, API key vending, secret rotation, and least-privilege scoping
- Strong AWS security fundamentals including IAM, KMS, Lambda surface, and serverless attack patterns
- Experience with AWS CDK, CloudFormation, or similar infrastructure-as-code
- Experience with OpenTelemetry, Coralogix, or equivalent observability tooling
- Background in platform engineering, internal developer platforms (IDPs), or enterprise integration
- Prior IC role at an early-stage startup with a small team, wide surface area, and high pace
- Experience with LLM application security including OWASP LLM Top 10, prompt injection defense, and agent sandboxing
- Background in supply chain security, dependency scanning, or SBOM tooling