Security Startup: From Pentest Triage Tool to Enterprise Platform

The situation

A security startup had a pentest submission management tool: think Jira for coordinating pentest findings between researchers, triagers, and clients. Functional, but it was just one of the many features of the ambitious enterprise security posture management platform they were fundraising to build.

The CEO and head of threat intelligence were domain experts, not infrastructure engineers. They needed to ship product without a dedicated engineering hire they couldn’t afford.

What I did

Cloud configuration scanner. Built a scanning service that audits customer AWS environments against security benchmarks. Findings are normalized to OCSF for integration with tools like AWS Security Hub.
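The normalization step described above, written out as an added example (not the startup's code): a hypothetical internal check result is mapped onto the OCSF Compliance Finding event class, with the uid derived from account, resource and check so that re-scans update rather than duplicate a finding in a consumer such as Security Hub. The `RawFinding` shape, the product names, the sample account id, ARN and check id are all constructed for the example; the class, category, activity, status and severity values are the OCSF enum values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// RawFinding is a constructed, hypothetical record emitted by one benchmark
// check; it stands in for whatever the scanner produces internally.
type RawFinding struct {
	CheckID, Standard, Title       string
	Severity                       string // informational|low|medium|high|critical
	Passed                         bool
	AccountID, Region, ResourceARN string
	ObservedAt                     time.Time
}

// Subset of OCSF Compliance Finding attributes populated here; json tags follow OCSF names.
type ocsfFindingInfo struct {
	UID   string `json:"uid"`
	Title string `json:"title"`
}
type ocsfCompliance struct {
	Requirements []string `json:"requirements"`
	Standards    []string `json:"standards"`
	Status       string   `json:"status"`
	StatusID     int      `json:"status_id"`
}
type ocsfUID struct{ UID string `json:"uid"` } // shape of both the account and resource objects
type ocsfCloud struct {
	Provider string  `json:"provider"`
	Region   string  `json:"region"`
	Account  ocsfUID `json:"account"`
}
type ComplianceFinding struct {
	ActivityID  int             `json:"activity_id"`
	CategoryUID int             `json:"category_uid"`
	ClassUID    int             `json:"class_uid"`
	TypeUID     int             `json:"type_uid"`
	Time        int64           `json:"time"`
	SeverityID  int             `json:"severity_id"`
	StatusID    int             `json:"status_id"`
	FindingInfo ocsfFindingInfo `json:"finding_info"`
	Compliance  ocsfCompliance  `json:"compliance"`
	Cloud       ocsfCloud       `json:"cloud"`
	Resources   []ocsfUID       `json:"resources"`
}

// OCSF enum values: class_uid 2003 = Compliance Finding, category_uid 2 = Findings,
// activity_id 1 = Create, status_id 1 = New, compliance.status_id 1 = Pass, 3 = Fail.
const classUID, categoryUID, activityCreate, statusNew, compliancePass, complianceFail = 2003, 2, 1, 1, 1, 3

// OCSF severity_id; an unrecognised word maps to 0 (Unknown), never to a guessed level.
var severityIDs = map[string]int{"informational": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}

func SeverityID(s string) int { return severityIDs[strings.ToLower(s)] }

// ToOCSF normalizes one raw check result into a Compliance Finding event.
func ToOCSF(r RawFinding) ComplianceFinding {
	f := ComplianceFinding{
		ActivityID: activityCreate, CategoryUID: categoryUID, ClassUID: classUID,
		TypeUID:    classUID*100 + activityCreate, // OCSF type_uid convention
		Time:       r.ObservedAt.UnixMilli(), SeverityID: SeverityID(r.Severity), StatusID: statusNew,
		// A uid derived from (account, resource, check) is stable across re-scans, so a
		// consumer such as Security Hub updates the finding instead of duplicating it.
		FindingInfo: ocsfFindingInfo{UID: r.AccountID + "/" + r.ResourceARN + "/" + r.CheckID, Title: r.Title},
		Compliance:  ocsfCompliance{Requirements: []string{r.CheckID}, Standards: []string{r.Standard}, Status: "Fail", StatusID: complianceFail},
		Cloud:       ocsfCloud{Provider: "AWS", Region: r.Region, Account: ocsfUID{UID: r.AccountID}},
		Resources:   []ocsfUID{{UID: r.ResourceARN}},
	}
	if r.Passed {
		f.Compliance.Status, f.Compliance.StatusID = "Pass", compliancePass
	}
	return f
}

// Validate rejects events a consumer could not deduplicate or route; dropping with an error beats emitting half-filled events.
func Validate(f ComplianceFinding) error {
	if f.FindingInfo.UID == "" || f.FindingInfo.Title == "" || f.Cloud.Account.UID == "" || len(f.Resources) == 0 || f.Resources[0].UID == "" {
		return fmt.Errorf("finding %q lacks uid, title, account or resource", f.FindingInfo.UID)
	}
	if f.SeverityID == 0 {
		return fmt.Errorf("finding %q has unknown severity", f.FindingInfo.UID)
	}
	return nil
}

// SampleFinding is constructed input; account id, ARN and check id are placeholders.
func SampleFinding() RawFinding {
	return RawFinding{CheckID: "CHECK-PLACEHOLDER-1", Standard: "example-benchmark",
		Title: "S3 bucket allows public read", Severity: "high", AccountID: "123456789012",
		Region: "us-east-1", ResourceARN: "arn:aws:s3:::example-bucket", ObservedAt: time.Unix(1700000000, 0)}
}

func main() {
	out, _ := json.MarshalIndent(ToOCSF(SampleFinding()), "", "  ")
	fmt.Println(string(out))
}
```

Run it to see the JSON a downstream consumer would receive; `Validate` is the gate worth keeping in front of any export, since an unknown severity word or an empty resource uid silently degrades dedup and routing on the receiving side.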

Attack surface scanner. Built a horizontally scalable Go service on ECS that runs open source security scanners against customer assets. The same service supports a “prospecting” mode that scans the public internet to identify potential customers with exposed vulnerabilities.

LLM auto-triage. Built a function that converts raw scanner findings into customer-appropriate risk reports, replacing manual triage for the high-volume scan output.

Infrastructure and Terraform. Zero automation existed. I built the AWS infrastructure from scratch and wrote Terraform modules for the entire stack. Getting infra into code early was deliberate: once infrastructure is defined in Terraform, Claude can read it, reason about it, and propose changes. That turned infrastructure work from a bottleneck (one person clicking through the AWS console) into something the whole team could contribute to through normal code review.

Claude Code workflows for the team. Embedded prompts, guardrails, lint rules, test coverage, and review processes into the codebase so the CEO and head of threat intelligence could ship real changes safely.

The outcome

The product went from a single-purpose pentest triage tool to a platform with cloud config scanning, attack surface discovery, automated triage, and a prospecting pipeline. A 1-person fractional engagement became a 3-person engineering team. The CEO and threat intel lead now make regular contributions across the stack.