Cloud Security Engineer · Kathmandu, Nepal

Anjil Sharma.

CEH · ISC2 CC · CAP · DevSecOps
AWS + Azure + Kubernetes · CI/CD hardening
50+ vulnerabilities disclosed · DoD VDP recognized

3+
Years in security
50+
Vulns disclosed
5
Certifications
About

Security is not
a feature —
it's architecture.

Cloud Security Engineer with 3+ years securing multi-cloud environments across AWS, Azure, and Kubernetes. I turn compliance requirements into automation pipelines and vulnerabilities into hardened systems.

Active bug bounty researcher on HackerOne and Bugcrowd with recognition from the US Department of Defense Vulnerability Disclosure Program. I operate at the intersection of offensive insight and defensive engineering.

Open to remote opportunities in cloud security, DevSecOps, and penetration testing.

GitHub LinkedIn Twitter
3+
Years cloud & app security
50+
Vulnerabilities disclosed
US Dept. of Defense
Vulnerability Disclosure Program recognition
3
Cloud platforms (AWS · Azure · K8s)
Experience

Where I've worked
& what I've built.

Apr 2025 – Present Current
Cloud Security Engineer
ZeroTB · Lalitpur, Nepal
  • Designed and implemented secure cloud infrastructure (Azure + AWS) aligned with ISO 27001, SOC 2, and HIPAA compliance
  • Defined and enforced security controls across Kubernetes (AKS/EKS) clusters and serverless architecture
  • Automated cloud security operations using Terraform, AWS Security Hub, and Azure Defender
  • Hardened CI/CD pipelines with container image scanning via Trivy/Snyk and secrets management with HashiCorp Vault
Oct 2022 – Present Active
Independent Security Researcher
HackerOne & Bugcrowd · Remote
  • Discovered and responsibly disclosed 50+ vulnerabilities across web and Android applications on global platforms
  • Received formal recognition from the US Department of Defense Vulnerability Disclosure Program (VDP)
  • Expertise in OWASP Top 10, penetration testing, API security, and mobile application assessments
May 2023 – Feb 2024
Associate Security Engineer
Cedar Gate Technologies · Lalitpur, Nepal
  • Managed AWS IAM, Security Hub, GuardDuty, Azure Security Center, Conditional Access, MFA, and RBAC
  • Conducted HITRUST and SOC 2 Type II compliance assessments and regular security audits
  • Led incident response, VAPT, and penetration testing on web and Android applications
Oct 2022 – Feb 2023
Security Analyst Trainee
CryptoGen Nepal
  • Performed VAPT on web and Android applications
  • Collaborated with the IS audit team to prepare comprehensive security audit reports
May 2020 – Jul 2020
Cybersecurity Intern
Eminence Ways · Kathmandu, Nepal
  • Created reports covering Network Security, Web Application Security, Malware Analysis, and IS Audit
Skills & Certifications

Tools of the trade.

Cloud Platforms
AWS Security HubGuardDuty AWS IAMCognito EKSAzure Defender Azure ADAKS
DevSecOps & IaC
TerraformKubernetes DockerGitHub Actions TrivySnyk HashiCorp Vault
Frameworks
ISO 27001SOC 2 Type II HIPAAHITRUST NIST CSFOWASP Top 10
Offensive Security
Burp SuiteMetasploit NmapNESSUS OpenVASPen Testing CTF / HTB
Programming
PythonBash JavaScriptPHP HTML / CSSLinux
Networking
CCNA R&STCP/IP FirewallsIDS/IPS VPNZero Trust
EC-Council
Certified Ethical Hacker (CEH)
ISC2
Certified in Cybersecurity (CC)
CAP
Certified AppSec Practitioner V2.01
Cisco
CCNA – Routing & Switching
Fortinet
NSE1 & NSE2 – Network Security Expert
Recognition
US Dept. of Defense VDP
Blog

Write-ups & research.
Coming soon.

Web Security
Access Control Flaw in Healthcare Platform
Write-up incoming
Cloud Security
AWS Misconfiguration Leading to Data Exposure
Write-up incoming
Mobile Security
Android Deep Link Hijacking in Finance App
Write-up incoming
Get in touch

Let's talk security,
or just grab a coffee.

Open to roles in cloud security, DevSecOps, and penetration testing.

[email protected]
GitHub LinkedIn Twitter Tools ↗