Bestkaam Logo
Back to Jobs
RegTech Innovations

Full-Stake Engineer - React + Supabase

Actively Reviewing

RegTech Innovations

India Contract 1–2 yrs exp Posted 3 weeks ago  · Apply by Aug 25, 2026
RegTech Innovations - We’re hiring

Full Stack Engineer - React + Supabase
Contract / freelance, with a path to an ongoing role · Remote

Looking for a freelance Full-Stack Engineer (React + Supabase) — contract work, with a path to a longer-term role.
I’m building a RegTech SaaS for outsourcing and third-party risk management (Banks & NBFCs). The prototype works; I now need an experienced engineer to stabilise the foundation — data persistence, authentication / session handling, roles, and Postgres Row-Level Security — then continue into security hardening and production readiness.
This is a fix-and-harden engagement on an existing React + Supabase codebase — not greenfield. So, I’m after someone who has genuinely done this before.
Must have - Strong, hands-on Supabase (Postgres, Auth, Edge Functions), deep Row-Level Security experience, and solid React + TypeScript.
How it works: it starts as a scoped, paid trial task. If it’s a great fit — both ways — there’s ongoing work through the security and production phases. Remote, flexible hours, NDA applies.
If that’s you (or someone you rate), DM me with your GitHub and a line or two on your Supabase / RLS experience.

Role at a Glance
Engagement Freelance / contract. Starts with a small paid trial task; potential ongoing engagement through security and production phases for the right person.
Location: Remote.
Hours Flexible; part-time to start, scaling with the work.
Stack React + TypeScript (front end); Supabase (Postgres, Auth, Storage, Edge Functions); GitHub.
Start As soon as the right person is found.
Comp Hourly or fixed-scope milestones (state your rate).

About the Work
We’ve built a working prototype of a RegTech SaaS platform (React + Supabase) for outsourcing and third-party risk management, aimed at banks and NBFCs. The full UI and most backend wiring exist. We need an engineer to stabilize the foundation, then carry it through a security phase and on to production readiness. This is a fix-and-harden engagement on an existing codebase — not a greenfield build — so demonstrable experience debugging and hardening inherited systems matters.

What you’ll do
Phase 1 - Foundation stabilization (the immediate priority)
• Make data persistence reliable - every entity creates, edits, deletes and survives a refresh; correct upsert + stable UUID strategy; no duplicate rows; no silent failures.
• Fix authentication / session handling - sessions persist across reloads and tabs, tokens are correctly attached to Edge Function calls (no 401s), and logout fully clears state.
• Implement reliable role assignment and role-gated access (RBAC).
• Author completes, correct Postgres Row-Level Security policies across all tables, scoped to organization and role - surfacing errors to the user rather than failing silently.
• Complete server-side logic in Supabase Edge Functions, including server-side document text extraction and AI API calls (secrets kept server-side).
• Resolve assorted front-end issues (e.g. modal/z-index/layout).
Later phases (for the right person, ongoing)
• Security hardening - RBAC enforcement, hard tenant / external-user data isolation via RLS, audit logging, secure document storage, secrets management; readiness for an external penetration test.
• Production readiness - automated tests, CI/CD, staging/production environments, monitoring, backups, performance, data residency.

Must-have Skills & Experience
• Strong, production Supabase experience — Postgres, Auth, Storage, and Edge Functions.
• Deep PostgreSQL, including Row-Level Security (RLS) — designing and debugging policies, not just using an ORM.
• React + TypeScript — comfortable working in an existing component codebase.
• Authentication and session management (JWT) and secure handling of secrets / API keys.
• Serverless / edge functions (Supabase Edge Functions / Deno, or close equivalent).
• Demonstrable experience debugging and hardening an inherited / existing codebase — not only greenfield builds.
• Solid Git / GitHub workflow (branches, pull requests, separate dev environments).

Nice to have
• RegTech / fintech or other regulated-industry experience.
• Security background - RBAC, audit logging, encryption, data residency, penetration-test readiness.
• Experience working with a Lovable (or similar AI-builder) codebase synced to GitHub and moving from prompt-built to engineer-led.
• AI API integration (Anthropic / OpenAI) and retrieval (pgvector / RAG).
• Experience taking a product to production (CI/CD, monitoring, backups).

How we Work
• Paid trial first: We begin with a small, scoped task so we can both confirm fit before the larger engagement.
• Clear acceptance criteria: Each piece of work has a written definition of done and acceptance tests.
• Version-control discipline: You work on a branch with a separate dev environment; the live/demo version is protected by a frozen baseline.
• Confidentiality & IP: An NDA and IP-assignment agreement are signed before work begins; no real customer data is used until the security phase.