Key skills
TypeScriptPythonRustAILLMOpenAIClaudeLangChainAgenticAutoGenAnalyticsAWSServerlessCloudFormationAWS CDKLambdaS3DynamoDBIAMAPI GatewayOAuthOpenTelemetrySaaSCRMOWASP
About this role
Extend is revolutionizing the post-purchase experience for retailers and their customers by providing merchants with AI-driven solutions. The Senior AI Software Engineer will be responsible for building and securing a platform that enables non-engineering roles to utilize AI effectively across the company.
Responsibilities:
- Design and ship secure MCP (Model Context Protocol) connectors to Extend's internal systems and the third-party SaaS we run on: finance, CRM, data warehouse, expense management, product analytics, support, ATS, and the long tail beyond
- Build and curate the shared library of agent skills that every team at Extend composes from. Ship skills, codify patterns, and raise the floor for what a safe, high-quality skill looks like
- Extend our agent infrastructure. Build the tooling that lets non-engineers create reusable agent skills securely and reliably. Encode the review and publishing model for shared tooling, shared runtimes, and the feedback loop on agent behavior in production. Fill the open phases of the lifecycle that governs how skills are designed, reviewed, and shipped, so non-engineers can build and ship intelligent automation end to end
- Build toward a connector-building agent: a meta-agent that discovers APIs, scaffolds MCP servers, and provisions access automatically. The end state is a platform that is itself an agent
- Work with our platform teams to establish the credential scoping, OpenTelemetry instrumentation, and least-privilege patterns that every connector and skill ships with, so security is built in from day one
- Own the employee experience for the agentic platform. Help onboard employees to the tools with self-serve guides, build skills people can learn from, and run the feedback loop between what's shipped and what adopters actually need. Your job isn't done when the connector ships. It's done when the team using it is self-sufficient
- Design credential scoping and vending for agent connectors: how API keys are provisioned, rotated, and scoped per user, per skill, per connector. OAuth/OIDC where it fits, least-privilege everywhere
- Build the risk-tier and review model for shared agent skills: what's safe at personal, team, and org level; sandboxing strategy; malicious dependency scanning for skills that pull in untrusted packages
- Instrument the agent platform end-to-end with OpenTelemetry: every MCP call, every skill execution, every credential use is visible in Coralogix
Requirements:
- You've shipped production systems and can point to the seams: where they held under load, where they broke, and what you changed. Five or more years of that
- Proficient in at least one of Python, TypeScript/Node, or Rust
- You've built developer tooling, platforms, SDKs, or internal frameworks that other engineers depended on. You measure that work by adoption, not by what shipped
- You can build a real third-party integration: OAuth flows, credential scoping, webhook handling, pagination, rate limiting, retry semantics. Production connectors, not tutorial work
- Comfortable on AWS. We run on Lambda, API Gateway, DynamoDB, S3, and a managed agent runtime. You don't need to be an infra specialist, but you need to be at home
- You've made complex systems usable by non-experts, whether through DevX work or internal tools that non-engineers actually adopted and relied on
- You live and breathe AI tooling every day. Direct experience with Claude Code, MCP, or another agent framework (LangChain, CrewAI, AutoGen, OpenAI Agents SDK)
- Familiarity with using different agent harnesses/orchestrators for complex coding tasks and the process of building new agents
- You've built production credential management: OAuth 2.0/OIDC, API key vending, secret rotation, least-privilege scoping. You understand that security that can be bypassed isn't security
- Strong AWS security fundamentals: IAM, KMS, Lambda surface, serverless attack patterns. You don't need to be a security specialist, but you ship code that doesn't need a security escort
- Experience with AWS CDK, CloudFormation, or similar infrastructure-as-code
- Experience with OpenTelemetry, Coralogix, or equivalent observability tooling
- Background in platform engineering, internal developer platforms (IDPs), or enterprise integration
- Prior IC role at an early-stage startup with a small team, wide surface area, and high pace
- Experience with LLM application security: OWASP LLM Top 10, prompt injection defense, agent sandboxing
- Background in supply chain security, dependency scanning, or SBOM tooling