Work

Selected Work & Engineering Capabilities.

A look at what we’ve engineered and the approaches we bring to the platforms enterprises run on.

Rust · Event Streaming · Multi-Tenant

Built by Zaejis

A Real-Time, Multi-Tenant Security Event Streaming Platform

The Challenge

Off-the-shelf SOC dashboards render critical alerts with multi-second — sometimes multi-minute — lag, blunting analyst response. We set out to engineer a streaming layer that delivers alerts in real time, with strict isolation between tenants.

How We Built It

We engineered a high-performance streaming platform from the ground up. A Rust service ingests Kafka/RedPanda event streams and pushes them to the dashboard over Server-Sent Events for real-time delivery. Multi-tenant isolation is enforced at two layers — PostgreSQL Row-Level Security at the data layer, and path-slug-routed RBAC at the application layer — so a tenant can only ever see its own data.

The Impact

  • Real-time delivery

    SSE-based streaming replaces slow dashboard polling with instant push.

  • Multi-tenant by design

    isolation enforced at both the data layer (PostgreSQL RLS) and the routing layer (path-slug RBAC).

  • Engineered for scale

    built on Rust and RedPanda for memory-safe performance and horizontal throughput.

Auth0 · Sitecore · CIAM Migration

Engineering Capability

Zero-Downtime CIAM Migration for a Digital Experience Rollout

The Challenge

A fragmented customer-authentication estate is one of the most common things blocking a major digital-experience launch — high login friction, legacy user stores, and complex enterprise routing that can't be broken during cutover.

Our Approach

Our approach is a seamless Auth0 migration: design the target architecture, map the multi-tenant user flows, and build the custom extensibility scripts that bridge legacy user stores to Auth0. We sequence the identity cutover with the platform's deployment pipelines — for example a Sitecore 10.4 rollout — so identity and experience go live together across dev, staging, and production.

The Impact

  • Zero-downtime cutover

    user migration designed for no rollback and no disruption to live traffic.

  • Unblocked launch

    identity stops being the thing holding back the dependent platform rollout.

  • Consolidated control

    legacy technical debt retired, identity centralized under a single, highly available control plane.

ServiceNow VRR · HAM Pro · Workflow Automation

Engineering Capability

Automating the Vulnerability-to-Asset Lifecycle

The Challenge

Security teams identify thousands of vulnerabilities; mapping each CVE to the specific physical hardware it affects is often manual spreadsheet work — leaving critical infrastructure exposed for weeks.

Our Approach

Our approach integrates ServiceNow Vulnerability Response (VRR) with Hardware Asset Management (HAM Pro), engineering the automated workflows that connect live threat intelligence directly to the physical asset database. Custom routing and assignment rules remove the human bottleneck from triage.

The Impact

  • Instant CVE-to-asset mapping

    vulnerabilities matched to impacted hardware automatically, not by spreadsheet.

  • Executive clarity

    a real-time, unified view of enterprise hardware risk posture.

  • Auditable remediation

    a fully traceable workflow from detection to patch deployment.

AWS · Cloud Architecture · Identity Provisioning

Engineering Capability

A Cloud-Native Bridge for Legacy Provisioning Workflows

The Challenge

Fragile on-premise file repositories for application-owner provisioning are slow, error-prone, and incompatible with modern identity-governance tools — a common blocker to cloud modernization.

Our Approach

Our approach designs a secure, serverless drop-zone using AWS Transfer Family and encrypted S3, then engineers the integrations that let enterprise identity-governance agents pull and parse the data — eliminating the on-premise dependency entirely.

The Impact

  • Zero-touch provisioning

    a manual, multi-day access process becomes an automated workflow.

  • Cloud-native resilience

    legacy on-prem servers decommissioned; single points of failure removed.

  • Compliance built in

    encryption and access-logging meet enterprise regulatory requirements by design.

Ready to get it built right?

Tell us what you're standing up. We'll scope it cleanly — fixed price, no surprise hours, your team in command when we leave.

Book a Free Assessment →