2 Zyg-Squared
Services

Two practices, one team.

Equal investment in cloud and mobile. Most engagements draw on both — a mobile app is only as durable as the infrastructure that backs it.

Cloud & security on AWS

Whether you’re standing up a first account or auditing a five-year-old estate, we work in Terraform, leave behind code you can own, and document the trade-offs we made along the way.

Foundation & landing zones

  • AWS Organizations, SSO/Identity Center, account vending
  • Centralized logging, GuardDuty, Security Hub baselines
  • Network design: VPCs, Transit Gateway, private endpoints
  • Service Control Policies and guardrails

Application infrastructure

  • Static sites — S3, CloudFront, OAC, ACM
  • Containers — ECS Fargate, App Runner, ECR
  • Serverless — Lambda, API Gateway, EventBridge, SQS
  • Data — RDS, DynamoDB, S3 lifecycle policies

Security & compliance work

  • IAM reviews and least-privilege refactors
  • Secret management with KMS, Secrets Manager, Parameter Store
  • OWASP-aligned application reviews
  • Audit prep: SOC 2 readiness, evidence collection plumbing

Platform & CI/CD

  • GitHub Actions with OIDC, no long-lived AWS keys
  • Reproducible builds, signed artifacts, SBOMs where it matters
  • Pre-commit hooks, gitleaks, Terraform formatting and validation
  • Cost & usage dashboards that go to the right inboxes

iOS & Android applications

Native applications, shipped through the App Store and Google Play. We build with the platform conventions, not against them — and we treat App Review as part of the engineering process, not an afterthought.

iOS

  • Swift, SwiftUI, modern concurrency
  • StoreKit 2, sign-in with Apple, App Tracking Transparency
  • Privacy nutrition labels and PrivacyManifest authoring
  • TestFlight pipelines, App Store Connect automation

Android

  • Kotlin, Jetpack Compose, coroutines
  • Play Console release tracks, signed bundles, Play Integrity
  • Data Safety form authoring, scoped storage compliance
  • Play Asset Delivery, dynamic delivery where it pays off

Backends that match the app

  • API design: REST or GraphQL, versioned, documented
  • Auth: OAuth, OIDC, JWT — with proper rotation
  • Push: APNs, FCM, with monitoring you can actually act on
  • Offline-first sync patterns where the product needs them

App Store / Play Store readiness

  • Privacy policy and terms drafting (lawyer review recommended)
  • Support URL infrastructure that responds
  • Review-cycle remediation for rejected submissions
  • Metadata, screenshots, localization scaffolding

Engagement shapes

Project

Fixed-scope build with a clear deliverable. Typical range: four to twelve weeks.

Retainer

Ongoing capacity for maintenance, incident response, and incremental work against a shared roadmap.

Audit

Read-only review of an existing AWS estate or mobile codebase, with a written report and remediation backlog.

Start a conversation