Founding Engineer at Funded Startup

Founding Engineer

Company Status: Funded

Remote · EU/US overlap · Full-time

Experienced founder team: prior exit to Cisco in 2022\.

About Palma

Palma is the enterprise control layer for AI: it lets AI clients and autonomous agents act on live business systems, while enforcing rules, tracking actions, and logging cost. We integrate agents, people, and systems so that MCP \& skills scale in production. Palma runs on-premises, in cloud marketplaces, and as SaaS - with on-prem in regulated industries as our primary case.

We're a founding member of the Agentic AI Foundation alongside OpenAI, Anthropic, and Microsoft, and we're backed by top investors. Our ambition is to build the definitive control plane for the agentic AI era — and that means both relentless engineering rigor and real product invention at the frontier of how agents work. The founders previously co-founded an infrastructure monitoring company that exited to Cisco in 2022\.

What you'll do

You'll be one of the first engineers on Palma's core product - a multi-tenant control plane plus a high-throughput MCP gateway, running inside environments we don't operate. The work has two sides, and we want engineers who care about both.

The reliability side.

On-prem and cloud-marketplace deployments are hard to patch in flight - what ships has to work, and keep working, in environments we can't SSH into. That means engineering rigor is a product feature here, not an afterthought: tight data models, real test coverage, observability you can hand to a customer's SRE team, online migrations, HA Postgres, performance budgets the gateway holds under load. The bar is "this still works in six months at a bank we can't reach."

The frontier side.

Palma is one of the most active bets in agentic AI infrastructure, and the model context protocol is moving fast. There's real product invention to do - how policy works for autonomous agents, how identity composes across humans and agents, how packs and skills assemble, what the gateway needs to look like when a hundred agents hit it concurrently. You'll be designing this, not just implementing tickets, and the best work will ship upstream into the protocol itself.

Concretely, in any given month you might:

• Design and ship core product surfaces - governance, policy evaluation, identity, packs, agents, spaces - across API, gateway, and UI.
• Own load-bearing parts of the MCP gateway: request lifecycle, auth, caching, telemetry, performance budgets.
• Push the agent product surface forward - new MCP capabilities, agent identity primitives, governance for autonomous flows.
• Shape how Palma is deployed and operated - Kubernetes/Helm packaging, observability customers route into their own stack, air-gapped scenarios, marketplace listings - and work with their platform and security teams through rollout.

What we use

• TypeScript and Node for backend services. Fastify, Drizzle, Postgres.
• Go, OpenTelemetry, and Redis.
• SvelteKit 2 and Svelte 5 on the frontend.
• Keycloak for OIDC, SAML, and SCIM.
• Docker, Kubernetes, and Helm for deployment, including air-gapped and marketplace distributions.
• We care more about software depth and systems thinking than current framework fluency. If you've built reliable distributed systems in Go, Rust, or Java, you're who we want to talk to.

What we look for

• \~8–12 years of engineering experience, including at least one stint as an early engineer at a startup that grew.
• A strong software engineer first — distributed systems, application architecture, data modeling, API design — with the taste to keep a large codebase coherent as it grows.
• A view of engineering rigor as a product feature, not overhead. Tests, types, observability, and migration discipline are how you ship things that survive contact with customers you can't reach.
• Comfort across the stack. You don't need to write Svelte by Tuesday, but you should be the kind of engineer who can follow a user-visible bug from the UI to a SQL plan and back.
• Fluent with AI coding agents in daily work, and effective at collaborating with engineers who use them too.
• Genuine interest in the AI-agent frontier — MCP, agent identity, governance for autonomous flows — and the appetite to invent at the product level, not just integrate.
• Production fluency with Kubernetes and Helm, and a packaging or distribution story you've owned (Replicated, Embedded Cluster, custom installer, air-gapped bundling, marketplace listings, or similar).

• Strongly preferred: you've shipped a self-hosted product into a regulated environment (banking, insurance, healthcare, defense, telco, or similar). Real evidence you can ship something that survives outside your own laptop.

• Clear writer; comfortable on customer calls during installs and integrations. Most of our decisions live in writing.
• Helpful but not required
• SOC 2 or ISO 27001 work in a prior role, including security questionnaires and audit cycles.
• OpenTelemetry, the Grafana stack, Pyroscope.
• Pulumi, Terraform, or comparable IaC at scale.
• Prior exposure to MCP, LLM tooling, or AI infrastructure.

How we work

• Both founders are technical and stay close to engineering and customers. We work asynchronously most of the time, with EU/US overlap for what needs it. Decisions live in writing in the repo so the team can move quickly without long meetings.

Compensation and benefits

Salary and equity: competitive salary plus founding-team-level equity.

Specific numbers

come up in the first conversation.

Paid vacation: generous time off, and the culture to actually take it.

Setup and growth: equipment of your choice, plus a budget for conferences, courses, and professional development.