Skip to content
NINTECH

services

Two disciplines,one senior team.

Every engagement is scoped in writing, delivered by senior engineers who have shipped the thing before, and measured against numbers we agree up front. No juniors at senior rates, no black boxes.

Intelligence

LLM & AI Engineering

AI strategy & roadmaps

Where AI actually pays off in your business — an evidence-based plan, not a slideware vision.

Custom fine-tuning

Domain-tuned open-weight and hosted models — data pipelines, training runs, and eval harnesses included.

RAG & knowledge systems

Retrieval architectures that answer from your data with citations, guardrails, and measurable accuracy.

Autonomous agents

Tool-using agents for operations, support, and research — sandboxed, observable, and auditable.

Model evaluation & safety

Eval suites, red-teaming, and regression gates so model changes never surprise production.

LLM application builds

Copilots, assistants, and AI features shipped end-to-end inside your product.

What you get

  • Eval harness with scorecards wired into CI
  • Architecture and data-flow documentation
  • Runbooks and monitoring dashboards
  • Clean handover — code, weights, and eval sets in your repos
Engineering

Advanced Software Engineering

Distributed systems

Event-driven backbones, consensus, and data pipelines that stay correct under load.

Performance engineering

Profiling and rewriting hot paths — 10× latency wins are the brief, not the surprise.

Managed security operations

Threat modeling, hardening, and monitored defenses for systems that face the internet.

DevOps & cloud automation

CI/CD, infrastructure-as-code, and cloud architecture that deploys itself and fails loudly.

Data engineering

Pipelines, warehouses, and streaming that stay correct and observable — with data contracts, tests, and lineage.

Legacy modernization

Strangler-pattern migrations that de-risk decade-old codebases without a rewrite cliff.

What you get

  • Architecture decision records for every major choice
  • Test suites gating each change slice
  • Performance reports with before/after numbers
  • On-call and operations handover documentation
Security

Security Services

Penetration testing

Web app, API, network, and cloud pentests done by hand — not just a scanner — with findings ranked by real exploitability and a free retest of the fixes.

Red team engagements

Goal-based adversarial simulation — phishing, initial access, lateral movement, exfiltration — run safely against your live estate and fully logged.

Security audits & code review

Architecture and source review against a real threat model: auth, secrets, injection, and the business-logic flaws scanners never find.

Cloud security posture

CSPM and CNAPP reviews of AWS, GCP, and Azure — misconfigurations, over-broad IAM, exposed storage, and drift, prioritised by blast radius.

Incident response

Containment, forensics, and root-cause analysis when something has already gone wrong — plus a rehearsed plan so the next one is boring.

Compliance readiness

Cyber Essentials Plus, ISO 27001, SOC 2, and UK GDPR — controls built into the system and evidence collected as you go, not the week before the audit.

What you get

  • Ranked findings report with proof-of-concept exploits
  • Remediation guidance and a free retest
  • Executive summary for the board
  • Attestation letter for your customers
Operations

Managed Infrastructure & SRE

Cloud & platform engineering

Internal developer platforms, golden paths, and infrastructure-as-code your teams actually want to use.

Managed Kubernetes

Production clusters we operate — patched control plane, autoscaling, cost kept honest — or a simpler platform when Kubernetes is overkill.

Database operations

Postgres, MySQL, and Redis tuned, backed up, and failed over, with point-in-time recovery you have actually tested.

Observability & SRE

SLOs tied to user experience, error budgets, and alerting on symptoms — so incidents are found before your customers find them.

Monitoring & on-call

24/7 detection with engineers on the pager and a rehearsed incident plan, not a dashboard nobody watches.

Backup & disaster recovery

Automated offsite backups, tested restores, and a recovery plan with a real RTO and RPO — not a hope.

What you get

  • Runbooks and an on-call rotation set up
  • Per-team cost dashboards
  • SLOs and error budgets agreed and monitored
  • Tested restores with a documented recovery plan

engagement models

Fixed scope

A written proposal with milestones, acceptance criteria, and a fixed price. Best for bounded builds, audits, and migrations.

Most popular

Retained team

Senior engineers embedded with your team month to month, with a named lead and weekly demos. Best for ongoing product work.

Build & host

We build the system, then run it on Nintech infrastructure under the SLAs on the hosting page. One accountable partner, end to end.

estimate your engagement

Consultancy estimator

A ballpark in thirty seconds, priced the way we actually work. The real number comes from a scoping call and a written proposal — this just sets expectations.

What do you need?

Engagement

Complexity

Well-understood problem, clean data.

Estimated effortSmall build · 8 days

Estimated project cost

£7,900£10,600

Includes scoping, a written proposal, and a fixed price against agreed acceptance criteria.

ServiceAI & LLM engineering
EngagementOne-off project
ScopeSmall build
ComplexityStandard
Book a scoping call →

Indicative only. Your exact figure comes from a written proposal after a scoping call — no charge, no obligation.

Measured, not promised

Model quality is gated by evaluation rounds before anything ships.

Model accuracy rising from 62 to 91 percent across six evaluation rounds

Model accuracy across eval rounds — illustrative

Performance work that shows its receipts

A recent risk-engine rebuild, p99 recompute latency.

p99 before340ms
p99 after9ms

Before/after, production traffic — illustrative

engagement faqs

How does an engagement start?

Send a brief through the contact form or your portal. A senior engineer reads it the same day, we reply within one business day, and if it fits we run a scoping call and return a written proposal with milestones and price.

Who actually does the work?

Senior engineers only — the people you meet in scoping are the people who write the code. We don't resell your project to subcontractors or staff it with juniors.

Do you offer penetration testing and security assessments?

Yes — web, API, network, and cloud penetration tests, red-team engagements, and security audits, run by hand rather than a scanner alone. Every assessment includes a ranked findings report with proof-of-concept exploits, remediation guidance, and a free retest once you have fixed the issues. We work under NDA and to rules of engagement you approve.

How much does an engagement cost?

It depends on scope. Most one-off engagements land between £2k and £42k, and the estimator on this page gives a ballpark in seconds — pick a service, effort, and complexity. The exact figure comes from a scoping call and a written proposal against agreed acceptance criteria. Ongoing support is a monthly retainer sized to how much of the team you need. No hourly surprises.

How quickly can you start, and how long does it take?

Scoping usually happens within a week of your first message. Security assessments run one to three weeks; build engagements ship in slices with weekly demos, so you see working software from the first fortnight rather than only at the end.

Who owns the code and models?

You do. All code, fine-tuned weights, eval sets, and documentation are delivered to your repositories under your ownership. We retain nothing beyond what the contract requires for support.

Do you work on existing codebases?

Yes — most engineering engagements start inside a legacy system. We begin with a read-only audit, agree a risk map, and ship changes in slices gated by tests rather than proposing a rewrite.

Is my work kept confidential?

Yes. We sign NDAs as standard, keep client work strictly siloed, and never train models on one client's data for another's benefit. Findings and credentials from security work are handled on a need-to-know basis and destroyed on completion.

What if it isn't working out?

Fixed-scope work has acceptance criteria agreed up front; retained engagements are month to month with no lock-in. If a project is not clearing the bar we agreed, we say so early — a failing project stopped in month two is cheaper for everyone than a zombie that limps to month twelve.

A senior engineer reads every enquiry the same day — with a view on scope, not a sales pitch.

Services — Nintech