Senior Full Stack Developer AI

Role summary 

Own a healthcare web application endtoend across backend (Python/Flask/Celery/Postgres) and frontend (Node.js/Express/HTML/CSS/JS), leading feature delivery, integrations, security, and operations. 

Key responsibilities 

• End to end ownership 

• Plan, design, implement, test, deploy, and monitor features across frontend and backend. 

• Maintain high code quality, documentation, and developer experience. 

• Backend (Python/Flask) 

• Design REST APIs, proxy endpoints, and vendor integrations (e.g., EHR systems, form platforms). 

• Implement asynchronous processing pipelines with Celery + Redis (audio/transcripts). 

• Optimize Postgres schemas/queries; manage connection pools (psycopg/psycopg_pool). 

• Enforce consistent authentication/authorization (API key headers), manage secrets via environment variables. 

• Operate with Gunicorn and Docker Compose; maintain conda/venv environments. 

• Frontend (Node.js/Express) 

• Build secure serverside routes and robust proxy layers to backend APIs. 

• Implement sessions, CSRF protection, rate limiting, and security headers (helmet + CSP). 

• Integrate thirdparty form systems; implement file uploads (multer) and streaming (PDF/audio). 

• Develop pages and flows: login/register, dashboard, patients, action items, billing, invoice generation. 

• Media ingestion 

• Implement browser recording UX, file validation, and resilient upload/processing flows. 

• Coordinate FFmpeg/ffprobe and pydub usage for media processing. 

• Data & documents 

• Manage patient sections (agenda, summary, transcripts, blueprints), versioning/history, and exports (ZIP, PDF). 

• DevOps & operations 

• Own Docker Compose and CI/CD pipelines; environment parity for dev/stage/prod. 

• Instrument logging, metrics, tracing; set alerts; optimize performance and cost. 

• Security & compliance 

• Apply best practices: input validation, CSRF, CSP, secure cookies/sessions, SSRF prevention, rate limiting. 

• Handle secret management and least privilege for cloud/database access. 

• Contribute to security gap analysis and remediation; ensure auditable changes. 

• Quality & process 

• Write unit/integration tests for critical flows (auth, uploads, proxies, billing). 

• Own release notes, migration scripts, rollback plans; drive postmortems and continuous improvement. 

Success metrics (first 90 days) 

• Standardize API key attachment across all proxy calls; eliminate “missing api key” errors. 

• Stabilize audio/transcript pipeline with retries, idempotency, and user feedback; reduce failures >80%. 

• Ship two endtoend features with tests and documentation. 

• Introduce base CI (lint/test/build) and minimal deploy workflow; improve release cadence. 

• Close top security findings; add monitoring for key endpoints. 

Interview focus 

• Architecture: consistent API key enforcement across Express proxies and Flask APIs. 

• Systems design: async pipelines for audio/transcripts; retry/backoff; idempotency; observability. 

• Security: CSP/CSRF/session hardening, SSRF/file upload safety, secrets management. 

• Live coding: secure PDF streaming proxy with “check vs stream” logic and error forwarding. 

• DB: schema/index proposals for patient sections/history and efficient exports. 

Short job board version 

• Title: Senior FullStack Engineer 

• Summary: Own a healthcare web app endtoend (Python/Flask/Celery/Postgres + Node/Express). Build secure APIs and proxies, audio/transcript pipelines, dashboards, billing, and PDF/invoice flows. Lead DevOps, security, and performance. 

• Musthaves: 5+ yrs; Flask, Celery, Postgres, Node/Express; Docker/Compose; security (CSP/CSRF/headers); file uploads/streaming; CI/CD. 

• Nicetohaves: EHR integrations, Form.io, Azure/AWS/GCP, HIPAA workflows. 

• Location: [Remote/Hybrid/Onsite] 

• Compensation: [Range/Bands] 

• Apply: [Email/ATS link] 

Qualifications 

• 5+ years of fullstack development with production ownership. 

• Python ecosystem: Flask, Gunicorn, Celery, Redis, Postgres, psycopg, conda/venv, FFmpeg/pydub. 

• Node.js ecosystem: Node 18+, Express 5, axios, multer, helmet, expressratelimit, csrf, marked, nodefetch/undici. 

• Web app delivery: HTML/CSS/JS, UX for dashboards/wizards/modals/drawers, performance optimization. 

• Architecture & operations: Docker/Compose, environment config, secrets via env vars, git workflows. 

• Security: API key enforcement, session security, CSRF, CSP, rate limiting, secure headers, file upload safety. 

Nice to have 

• EHR integrations (Charm or similar), HIPAAaligned workflows. 

• Form platforms (Form.io), PDF generation/signing, invoice pipelines. 

• Cloud experience (Azure/AWS/GCP) and managed Postgres. 

• CI/CD (GitHub Actions), IaC/Terraform, container orchestration. 

• Data privacy/compliance experience (audit trails, access controls).