Veleda Security

Who we work with

We work with cloud-native product companies and regulated organizations with 50–2000 engineers, often with small security teams, running primarily on AWS and Splunk. They already have tools like Snyk, GuardDuty, firewalls, and various scanners, but struggle to turn them into consistent engineering practices and reliable detections.

You're in the right place if:

• You have plenty of security tools but no clear security engineering roadmap.
• Your SIEM and SOC are noisy, and triage is slow.
• AppSec and secrets tooling exist, but developers see them as blockers.
• You need guardrails and detections that align with how engineering actually ships software.
• You want progress you can show to leadership and auditors without drowning teams in admin.

Outcomes we focus on

Our work is measured in outcomes, not tool checklists:

• Reduce irrelevant alerts and false positives in SIEM and AppSec tools.
• Embed SAST, SCA, and secrets scanning into CI/CD without slowing delivery.
• Design cloud guardrails and policies that engineers actually follow.
• Improve SOC runbooks and MTTR with better data and workflows.
• Build governance and reporting that satisfy auditors without drowning teams in admin.
• Align security work with engineering and product roadmaps so it sticks.

About Us

Veleda Security started from the idea that every organization has unique challenges. We focus on hands-on security engineering: from code-to-cloud security, to real-world threat scenarios, to stakeholder alignment and continuous training.

Our team is distributed, with primary offices in Romania and the US, and we support organizations globally. We've helped clients integrate SAST, SCA, and secrets detection into CI/CD, adopt frameworks such as NIST SSDF and OWASP, and design governance programs that stay relevant over time.

Our Services

AppSec enablement

Integrate SAST/SCA and secrets scanning (e.g. Snyk, Trufflehog) into real pipelines. Tune noise, define guardrails, and coach developers so issues actually get fixed rather than ignored.

SIEM & detection engineering

Modernize Splunk and other SIEMs: tune ingest and parsing, normalize fields, design detections that match your environment, and connect to SOAR or ticketing where it makes sense. Focus on real use cases, not just feeding all logs.

Cloud guardrails on AWS

Translate cloud policies into real IaC checks, SCPs, and posture rules. Align identity, networking, and logging with clear standards and drift detection, so teams know what "good" looks like.

SOC & incident response

Help SOCs use the data they already have. Improve runbooks, triage paths, and incident workflows so signals from AppSec and cloud tools lead to faster, smarter responses instead of alert fatigue.

How we work

We focus on work that fits how your teams actually ship software:

1. Security engineering sprints (4–6 weeks)
Targeted work on specific goals such as SIEM noise reduction, AppSec rollout in CI/CD, or cloud guardrails baseline.

2. Fractional security leadership
Ongoing guidance for AppSec, detection engineering, and cloud security over several months, working with engineering and security leads.

3. Project-based delivery
Well-defined projects such as SIEM migration, AWS logging and guardrails baseline, or AppSec program design.

Example outcome

• Helped a cloud product organization align Splunk ingest with real detection use cases instead of raw data dumps.
• Reduced noisy firewall and GuardDuty alerts by focusing on the fields and events actually used by SOC and detection engineers.
• Documented guardrails and handover so internal teams could own and extend the work without ongoing external dependence.

Contact

If this sounds relevant to your environment, send a short note about your current setup and what you're trying to improve.

• Email: [email protected]

We typically work with a small number of clients at a time to stay hands-on and close to the engineering teams.