BrightPath
PrivateMulti-Tenant School-Management SaaS
Full-Stack & Security Engineer
A production-scale, multi-tenant platform for African schools — student lifecycle, grading, mobile-money payments, and parent communications, with tenant isolation enforced at the database engine.
- Tenant isolation via 1,063 PostgreSQL Row-Level Security policies — derived server-side from the JWT, never trusted from the client.
- 12+ hierarchical roles with granular resource.action permissions (RBAC).
- Multi-provider payments: M-Pesa (Daraja), Airtel, MTN, Stripe — with HMAC webhook verification.
- COPPA-focused AppSec: custom Playwright consent/age-gate scripts, Semgrep, gitleaks, OWASP ZAP, dependency CVE auditing in CI.



