For Security Engineering projects, I aim to build maintainable security infrastructure or security features for your team. My approach to security engineering is providing tools and infrastructure that turn an ambiguous security risk into a solved problem. A non-exhaustive list of what I've built, owned, and operated:
Phishing-resistant authentication proxies
This reverse proxy was used daily by thousands of people and eliminated internal credential phishing risk. It was simple to operate, low friction, and made employee passwords practically non-existent.
Secrets management services
A Vault-like secret store with significantly better reliability properties due to the way it was integrated into the deployment process. The design intentionally avoided introducing a change management process, enabling the company to focus on building one well-oiled and safe rollout mechanism.
Access management services and libraries
A web application that managed the authoritative list of thousands of employees and what data they had access to. I owned and maintained a library used by engineers to easily integrate checking these permissions in their own service logic.
Static analysis in CI
I've built static analysis tooling tailored to patterns of insecure code to tighten feedback loops during development, as well as a pattern for migrating from an old insecure API to a newer hardened API.
For these projects, I am open to starting from an existing design or originating one myself. In almost all cases, I will start with at least a lightweight design document outlining the problems to be solved, the constraints, and how I plan to build it.
If you need to audit near-complete or shipped features, consider getting a security audit.
I can scope and build projects like this for you and your teams. Contact me at hello@ on this domain for a free consultation.