Sales Territory Mapping & Lead Management App

A full-stack, production web application giving a sales team a fast, visual way to explore territory/account data on an interactive map, plan optimized routes, and capture leads in the field.

  • Post-remediation security audit: 0 high-severity issues
  • Leaked credentials: purged from full git history
  • Delivery model: installable PWA, offline-capable

The Problem

Sales reps needed to see their accounts geographically, plan efficient multi-stop visit routes, and log new leads on the go (including scanning badges/QR codes at events), with a separate, simplified "customer-facing" mode for kiosk-style use — none of which a spreadsheet or generic CRM map view supported well.

My Approach

  • Built a React + TypeScript single-page application with an interactive map (marker clustering, filtering, search) as the primary interface, backed by a serverless Firebase backend (Auth, Firestore, Cloud Functions).
  • Implemented route optimization for multi-stop sales visits with a sensible maximum-stop cap for usability, plus one-tap hand-off to a mobile maps app for actual turn-by-turn navigation.
  • Built a lead-capture flow using QR/badge scanning for fast data entry at events, and a data-import/admin pipeline (spreadsheet upload with domain-based filtering) for bulk account data.
  • Implemented role-based access: full sales-rep functionality vs. a locked-down "customer mode" for a shared kiosk device, enforced server-side, not just hidden in the UI.
  • Shipped it as an installable Progressive Web App with offline support and a dark mode, and added automated build verification and linting/type-checking to the CI process.
  • Led a full security hardening pass post-launch: rotated and permanently purged a leaked API credential from the entire git history, moved sensitive calls from the client to authenticated server-side Cloud Functions, enforced verified-email checks and an anchored domain-allowlist regex, added Content-Security-Policy and standard security headers, capped upload sizes, and added a CI gate that fails the build on high/critical dependency vulnerabilities.
  • Commissioned and closed out an independent follow-up security/QA audit after remediation, which confirmed no high-severity issues remained.
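
The verified-email check and anchored domain-allowlist regex from the hardening pass, sketched as an added example (not the project's own code). The domain list, function names and sample claims are hypothetical; `email` and `email_verified` follow the claims carried in a Firebase ID token.

```typescript
// Added example. Domains, function names and sample claims are constructed.
interface TokenClaims {
  email?: string;
  email_verified?: boolean;
}

// Hypothetical allowlist; the project's real domains are not on the page.
const ALLOWED_DOMAINS: string[] = ["example.com", "sales.example.com"];

// Escape regex metacharacters so "." in a domain matches only a literal dot.
function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Weak form: no anchors and an unescaped dot, so it matches any substring.
const UNANCHORED = /@example.com/i;

// Hardened form: ^...$ anchors, exactly one "@", escaped domain alternatives.
const ANCHORED = new RegExp(
  "^[^@\\s]+@(?:" + ALLOWED_DOMAINS.map(escapeRegExp).join("|") + ")$",
  "i"
);

function isAllowedWeak(claims: TokenClaims): boolean {
  return UNANCHORED.test(claims.email ?? "");
}

// Server-side gate: email must be verified AND match the anchored pattern.
function isAllowed(claims: TokenClaims): boolean {
  if (claims.email_verified !== true) return false;
  if (typeof claims.email !== "string") return false;
  return ANCHORED.test(claims.email);
}

// Constructed claims covering the cases where the two checks disagree.
const SAMPLES: TokenClaims[] = [
  { email: "rep@example.com", email_verified: true },
  { email: "rep@example.com", email_verified: false },         // unverified
  { email: "rep@example.com.invalid", email_verified: true },  // suffix appended
  { email: "rep@examplexcom.invalid", email_verified: true },  // "." as wildcard
  { email: "REP@Sales.Example.com", email_verified: true },    // listed subdomain
];

// Returns one row per sample: what each check decides.
function compareSamples(): { email: string; weak: boolean; hardened: boolean }[] {
  return SAMPLES.map((c) => ({
    email: c.email ?? "",
    weak: isAllowedWeak(c),
    hardened: isAllowed(c),
  }));
}
```

The unanchored pattern accepts the second, third and fourth samples and rejects the legitimate subdomain in the fifth; the hardened check accepts only the first and fifth.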

Stack

Frontend

React 18, TypeScript, Vite, Tailwind CSS, Mapbox GL JS

Backend/Platform

Firebase (Auth, Firestore, Cloud Functions, Hosting), Google Maps routing APIs

Data/Utilities

html5-qrcode, ExcelJS & PapaParse, PWA tooling (Workbox/service worker)

Quality/Security

ESLint, Prettier, Vitest, CI dependency-vulnerability scanning, Content-Security-Policy, Firestore security rules

Practices

Role-based access control, Secret rotation & git-history remediation, Independent security audit follow-through

Skills Demonstrated

  • Full-stack ownership of a real production application, frontend to backend to security
  • Geospatial/mapping UX and route-optimization logic
  • Serverless architecture with Firebase
  • Secure SDLC practice: not just writing secure code, but remediating and verifying security issues after the fact
  • Following through on independent verification instead of self-certifying "fixed"