Cloud Security Platform

Context

I joined cy5.io as a Software Engineer and now work there as a Senior Software Engineer. When I came in, the platform already had CSPM and cloud-native SIEM capabilities, with much of the product delivered through Django and backend processing distributed across AWS services like Kinesis for SIEM pipelines.

My initial mandate was to rebuild the product experience in React so the platform felt faster, more responsive, and easier to scale on the frontend. Over time, that role expanded well beyond UI work into API development, product architecture, and shipping entirely new modules across the platform.

The Build

I built the frontend using React, TypeScript, and Vite, with React Query handling remote state, Axios for API communication, and shadcn/ui helping us keep the design system consistent across a large B2B SaaS surface area. The goal was not just a rewrite, but a product experience that could handle dense security workflows without feeling slow or heavy.

On the backend side, I also worked on the APIs that powered the platform. The core scanning and event-processing logic already existed through AWS-driven workflows, where cron-based Lambda jobs triggered CSPM scans and SIEM data arrived through event-based pipelines. Inventory, findings, alerts, and related security data were written into PostgreSQL and Elasticsearch, and I helped design and build the FastAPI services that consumed that data and exposed it cleanly to the product.

Beyond the core CSPM and SIEM areas, I contributed to and helped ship major parts of the broader platform, including CIEM, vulnerability monitoring with SBOM support, MFA and SSO flows, user management, workspace management, and incident workflows with integrations such as ServiceNow. I also worked on features like Neo4j-based attack path analysis, data lake query analysis, and custom visualizations and dashboards. More recently, I have been working on the DSPM side of the platform as the product continues to expand.

Challenges

Re-platforming an active product without slowing delivery was the hardest part. This was not a greenfield app. The platform already existed, customers were already using it, and new modules still needed to ship while we modernized the frontend and improved the developer experience.

Designing APIs around existing security pipelines required careful thinking. The scanning engines and event systems were already producing valuable data, but the product needed a backend layer that could translate that data into reliable, usable APIs for dashboards, findings, inventory views, and workflows across multiple security domains.

Building for breadth without losing consistency was another major challenge. The product covered CSPM, SIEM, CIEM, vulnerability management, identity, workspaces, incidents, graph-based analysis, and reporting. Keeping the UI coherent and the user experience predictable across all those areas required strong component discipline and a shared design language.

What It Taught Me

This project pushed me from being primarily a frontend engineer into someone who could own product areas end to end. It taught me how to work inside a real security platform with existing infrastructure, legacy constraints, and fast-moving business needs, while still improving architecture, developer velocity, and user experience in parallel.