Full-Stack Developer — React / Supabase

Role Overview

Join Friction Labs, an innovative EdTech platform specializing in AI-powered simulations for education and professional training. We are seeking a senior Full-Stack Developer to contribute to our security-first sprint by enhancing our platform's security and functionality. This project involves immediate and well-defined tasks, with the potential for ongoing work based on performance.

Responsibilities

• Implement authentication for an unsecured chat API endpoint to enhance security.
• Introduce per-user message rate limits (200/day) and rate-limit anonymous chat to prevent abuse.
• Restrict Cross-Origin Resource Sharing (CORS) policy to allow access only from frictionlabs.io.
• Add URL validation to the file processing function to address Server-Side Request Forgery (SSRF) vulnerabilities.
• Implement defenses against prompt injection in AI grading prompts.
• Develop an append-only audit log table in Supabase for tracking changes and ensuring data integrity.

Required Skills

• Proven experience with React and Supabase.
• Strong understanding of CORS, SSRF, and prompt injection security measures.
• Ability to work independently and efficiently from a clear specification without requiring detailed supervision.
• Excellent communication skills in plain English, suitable for collaboration with a non-technical founder.
• Proficiency in using AI coding agents like Claude Code to expedite project delivery.

Nice to Have

• Experience in EdTech or similar platforms.
• Familiarity with AI technologies, particularly Google Gemini Flash 2.5 via Lovable AI Gateway.
• Previous work with hosting services like Netlify and email services such as Resend.