Six disciplines.
One standard.

From greenfield platforms to gnarly migrations, every engagement runs in tight, senior-led pods. Here's exactly what we do, what's included, and how we engage.

Available for Q3 2026 engagements
01Platform02Security03Data & AI04Cloud & DevOps05Design06Modernization
01 / SERVICE

Platform Engineering.

Multi-tenant SaaS, internal tooling, and back-office systems engineered for a five-year horizon — not the next demo. We architect, build, and harden the platform your business depends on.

TypeScriptGoPostgreSQLNext.jstRPCAWS
— What's included
  • Architecture & ADRs — written, versioned, reviewed before code.
  • Multi-tenant data model — row-level isolation, sharded where needed.
  • API design — typed end-to-end, versioned, OpenAPI/tRPC contracts.
  • Authentication & authorization — SSO, SAML, RBAC, scoped tokens.
  • Background jobs & workflows — Temporal or comparable, with retries & observability.
  • Test coverage gates — unit + integration + contract tests, day one.
— Deliverables
  • Production platform deployed to your cloud
  • Architecture decision records (ADRs) for every consequential choice
  • Runbooks for on-call: how to deploy, debug, and roll back
  • Onboarding docs for engineers joining post-handoff
  • Test suite passing in CI with coverage thresholds enforced
— Engagement
Discovery
2 weeks
Build
3–9 months
Team
2–4 seniors
02 / SERVICE

Privacy & Security.

Threat modeling, encryption-at-rest, zero-trust networking, and audit-ready logging — wired in from day one, not bolted on later. We bring SOC 2 / HIPAA / PCI readiness as a default, not an upcharge.

SOC 2 Type IIHIPAAPCIVantaVaultTailscale
— What's included
  • Threat model — STRIDE-based, written, reviewed quarterly.
  • Encryption everywhere — at rest (AES-256), in transit (TLS 1.3), key rotation.
  • Audit logging — append-only, tamper-evident, queryable.
  • Compliance scaffolding — SOC 2, HIPAA, or PCI controls mapped from day one.
  • Penetration testing — annual, by a third party, results published internally.
  • Incident response runbooks — pre-written, tested, on-call ready.
— Deliverables
  • SOC 2 Type II evidence package, audit-ready
  • Threat model document with mitigations
  • Annual penetration test report
  • Disaster recovery + business continuity plan
  • Vendor security questionnaire response template
— Engagement
Audit
3 weeks
Hardening
4–8 weeks
Retainer
Monthly
03 / SERVICE

Data & AI.

Data pipelines, warehouses, and selectively-applied AI. We deploy LLMs where they earn their keep — and refuse to where they don't. No demo magic, no production sadness.

dbtSnowflakeDuckDBAnthropicpgvectorLLM eval
— What's included
  • ETL/ELT pipelines — dbt-based, tested, lineage-tracked.
  • Data warehouse design — Snowflake, BigQuery, or Redshift with semantic layer.
  • BI & dashboarding — Metabase, Looker, or custom internal tools.
  • LLM applications — RAG, structured extraction, agentic workflows where appropriate.
  • Eval frameworks — golden sets, regression tests, A/B harnesses.
  • PII & data governance — masking, retention, access controls.
— Deliverables
  • Production data warehouse with documented models
  • BI dashboards stakeholders actually use
  • LLM features with measurable quality bars
  • Eval suites that block regressions in CI
  • Runbooks for data-team handoff
— Engagement
Discovery
2 weeks
Build
2–6 months
Team
2–3 seniors
04 / SERVICE

Cloud & DevOps.

Infrastructure as code, CI/CD that's actually green, and observability that tells you why — not just that something broke. We bring sane infrastructure defaults so your team isn't on call for our mistakes.

TerraformKubernetesAWS · GCP · CFOpenTelemetryGrafanaGitHub Actions
— What's included
  • Infrastructure as code — Terraform, version-controlled, reviewable.
  • CI/CD pipelines — green by default, fast feedback loops.
  • Multi-environment setup — preview, staging, production with isolation.
  • Observability — traces, metrics, logs unified via OpenTelemetry.
  • Cost monitoring — per-service attribution, budget alerts.
  • Disaster recovery drills — quarterly, tested, documented.
— Deliverables
  • Terraform modules for your full stack
  • CI/CD pipeline with deploy gates and rollback
  • Grafana dashboards for SLI / SLO / SLA
  • On-call rotation playbook with escalation paths
  • Cost attribution by service and team
— Engagement
Setup
3 weeks
Migration
4–10 weeks
Retainer
Optional
05 / SERVICE

Product Design.

Interface design that respects the user's attention. Systems-thinking, design tokens, and engineering-aware handoff. We design what we'll build — and build what we design.

FigmaDesign tokensA11y · WCAG AATailwindAnt Design
— What's included
  • User research — interviews, usability testing, JTBD framing.
  • Information architecture — sitemaps, flows, edge cases.
  • Visual design system — tokens, primitives, components, documented.
  • Interaction design — prototyping, micro-interactions, loading states.
  • Accessibility — WCAG 2.2 AA minimum, AAA where it matters.
  • Engineering handoff — specs that aren't fiction.
— Deliverables
  • Design system in Figma with documented tokens
  • Production-ready component library
  • Annotated specs for every shipped flow
  • User research synthesis & recommendations
  • Accessibility audit + remediation plan
— Engagement
Discovery
2 weeks
Sprint
2-week cycles
Team
1–2 designers
06 / SERVICE

Legacy Modernization.

Legacy systems carried forward without burning the house down. Strangler-fig migrations, contract testing, zero-downtime cutovers. We've moved VB.NET, COBOL, and PHP3 into the present without losing a transaction.

Strangler-figContract testsMainframe→CloudCDCBlue/green
— What's included
  • Legacy audit — code, data, runtime, dependencies, documented honestly.
  • Migration plan — phased, reversible, with success criteria per phase.
  • Strangler-fig adapters — new behind old, dark-launched, gradually cut over.
  • Contract tests — invariants the new system must preserve.
  • Data migration — CDC pipelines, validation harnesses, rollback paths.
  • Cutover & decommission — zero-downtime, with full audit trail.
— Deliverables
  • Modern platform deployed alongside legacy
  • Contract test suite gating every cutover step
  • Migration runbooks per phase
  • Data validation reports proving zero loss
  • Decommission plan for the old system
— Engagement
Audit
3 weeks
Migration
6–18 months
Team
3–5 seniors
How we engage

Three ways
to work with us.

Most clients start with discovery, then move into a build engagement. A small fraction stay on retainer afterward. We'll recommend the shape that fits.

Discovery

$24K · 2 weeks · fixed

Stakeholder interviews, system audit, written architecture, threat model, and a fixed-band budget. Either ends in a build engagement or an honest reason not to.

  • 2-week paid engagement
  • Written architecture & ADRs
  • Threat model + risk register
  • Fixed-band budget for build phase
  • You keep all artifacts

Build

T&M · 3–9 months · with ceiling

Two-week iterations, demoed live. Senior pod of 2–4. Your team ships alongside ours. Documentation and tests gate every PR. Written exit per phase.

  • Two-week iteration cadence
  • Live weekly demos with stakeholders
  • Senior-only pod, US-based, full-time
  • Tests + docs gate every merge
  • Phased exits, never surprises

Steady-state

From $8K/mo · ongoing · monthly

Quiet retainer post-launch. Monthly office hours, on-call backup, security updates, light feature work. Designed to wind down as your team takes over.

  • Monthly office-hours sessions
  • On-call escalation backup
  • Security updates & patches
  • Knowledge transfer cadence
  • Wind-down clause built in
Let's get specific

Pick a service.
Or tell us the problem.

If you know exactly what you need, great — start with discovery. If you're not sure, send us the problem statement and we'll route from there.

Start a project See past work
Software Engineering Services — Platform, Security, Data, Cloud, Design, Modernization | 802.software