Senior Full-Stack Engineer — Platform & Scale

About the role

Fhresh is the modern marketplace for hair, beauty and wellness. We’re at the stage where the platform needs an owner who can keep the lights on AND make the architecture decisions that let us 10× traffic, listings and bookings without a rewrite. This role is that owner.

You will be responsible end-to-end for the production platform: shipping product features, hardening the booking and payments hot path, tuning database performance, evolving our multi-tenant data model, owning observability and on-call, and gradually pulling apart the monolith where (and only where) scale demands it.

What you’ll do

• Ship product features end-to-end across a modern, server-rendered TypeScript web stack — from data model to UI.
• Own the data layer: schema design, migrations on live data, indexing strategy, query plans, connection pooling, partitioning and read-replica strategy as we grow.
• Own payments end-to-end — marketplace flows, subscriptions, webhooks, idempotency, refunds, payouts, dispute handling and reconciliation.
• Own auth and multi-tenancy — row-level access controls, role-based access (customer / business / admin), session and middleware hardening.
• Scale the booking and search hot path — availability calculation, rate limiting, caching, on-demand revalidation, edge vs. server trade-offs, search latency and ranking.
• Run reliability — SLOs, structured logs, alerting, uptime and error budgets, on-call rotation as the team grows.
• Keep CI/CD honest — preview deployments, focused test coverage on critical paths, migrations as code, environment hygiene.
• Security & compliance — OWASP Top 10, secrets rotation, GDPR / UK GDPR / CCPA-ready data flows, AML/KYC handoffs, abuse and fraud signals.
• Make scale decisions — when to introduce queues, when to extract a service, when to add a read replica, when to move work to background jobs, when to cache and when to denormalise.
• Mentor and document — raise the bar on code review, and write the runbooks and ADRs the next five engineers will rely on.

How you’ll work here

• Async by default, with one weekly engineering sync. Decisions get written down.
• Small, vertical PRs. Tests on the critical paths are non-negotiable.
• You ship to production on day one behind feature flags. We trust the on-call to roll back.
• Real ownership. You’ll be the named owner of at least one major surface (payments, search, booking, or platform/infra) within your first quarter.

What success looks like

• First 30 days: shipping production PRs, on-call shadow, mapped the top 10 slowest queries and the top 10 noisiest production issues.
• First 90 days: a measurable win on p95 latency or error rate for the booking/payments hot path, owns at least one surface, has authored 1–2 ADRs.
• First 12 months: the platform handles a 5–10× increase in bookings and listings without architectural panic — driven by your roadmap.

What we're looking for

Must-have

• 5+ years building production web applications shipped at real traffic, with 2+ years on a modern server-rendered TypeScript framework (e.g. App Router-style React, SvelteKit, Remix, Nuxt).
• Deep relational database experience (PostgreSQL strongly preferred): indexing strategy, query-plan analysis, transactions and isolation levels, safe migrations on live data, hot-spot tuning. ORM experience in production a strong plus.
• Production experience integrating a major payments platform end-to-end — marketplace or subscription flows — including webhooks and idempotent handlers.
• Comfortable with server-side rendering, server actions/route handlers, server vs. client boundaries, streaming, caching and on-demand revalidation.
• Solid grasp of authentication and session security on the edge — row-level access controls, CSRF, rate limiting, principle of least privilege.
• Observability mindset — error tracking, structured logging, dashboards, error budgets. You’ve been on-call and improved it.
• Strong testing instincts (unit, integration, end-to-end) — you know what to test and what not to.
• Security literate — OWASP Top 10, secret management, threat modelling.

Nice-to-have

• Multi-tenant SaaS or marketplace experience (two-sided supply/demand, search ranking, geo).
• Managed Postgres platforms with built-in auth and row-level security at scale.
• Serverless / edge platform internals — incremental static regeneration, edge runtime, image optimisation, preview deployments — and the trade-offs vs. self-hosting.
• Background jobs, cron, queues and webhooks at volume; idempotency patterns.
• Distributed rate limiting and caching with Redis or equivalent.
• Component-system thinking and accessibility (WCAG 2.2 AA).
• Exposure to AI/LLM features (we have an in-product assistant, "Orion AI").

Compensation & benefits

• Competitive salary with meaningful equity.
• Remote-friendly with optional co-working stipend.
• 28 days paid leave + public holidays.
• Private health cover, generous parental leave.
• Annual learning & development budget; conference travel where it makes sense.
• Hardware of your choice.
• Quarterly team off-sites.