About Me

I’m a passionate Security Engineer with experience in securing applications, networks, and cloud environments. My expertise spans manual and automated penetration testing, application security assessments (web, mobile, API), Active Directory and network penetration testing, and proactive threat hunting. Build and maintain security automation scripts to streamline and enhance security operations.

Worked to enhance DLP, SOC, MDR, and cloud security configurations, ensuring a strong security posture across the organisation. Experience in vulnerability management and playing a role in achieving compliance with industry standards such as SOC 2, HITRUST, and ISO 27001 by supporting audit readiness and driving operational security improvements.

CVE (Common Vulnerability Exposure)

Found security issues in popular technologies and software, helped fix them, and got CVEs assigned for these vulnerabilities.

  • CVE-2020-10596 - Opencart
  • CVE-2020-18723 - Mdaemon Webmail Service
  • CVE-2020-18724 - Mdaemon Webmail Service
  • CVE-2021-46065 - Zoho ManageEngine ServiceDesk Plus
  • CVE-2024-2301 - HP Printers

Core Skills

Penetration Testing Vulnerability Assessment Vulnerability Management Network Security Web Application Security Mobile App Security Cloud Security Incident Response API Penetration Testing Security Architecture Risk Assessment Compliance Gap Assessment Secure Code Training

Helped to Secure

Identified and reported security vulnerabilities and zero-day flaws in various products and companies through responsible disclosure processes and bug bounty platforms.

Google Facebook AWS Adobe Dell Zoho Alibaba Alibaba UN Microsoft Windows

Certifications

CC

ISC²

2023

CEH

EC-Council

2022

APISEC Certified Practitioner

APISEC

2024

Proofpoint Certified Email Authentication Specialist

Proofpoint

2025

Senior Cybersecurity Engineer

Cedar Gate Technologies

2023 - Present

Enhanced DLP, SOC, MDR, and cloud security; supported compliance (SOC 2, HITRUST, ISO 27001); managed vulnerabilities and verified external reports.

Senior Penetration Tester

Eminence Ways Pvt. Ltd.

2018 - 2023

Conducted VAPT, social engineering assessments, secure coding training and security audits for various organisations.

Chapter Leader

OWASP Kathmandu

2022 - Present

Organise cybersecurity meetups, CTF competitions and live hacking competitions.

Software Supply Chain Attacks and Preventions

Pentester Nepal April 2023 Kathmandu, Nepal

Identify vulnerabilities in third-party components, ensuring secure and compliant software delivery.

Present and future of infosec in Nepal

OWASP Kathmandu September 2022 Eminence Ways, Kathamndu

Starting cybersecurity journey, domains and paths

AppSec Security: Tools and Techniques

TU-ERC Campus November 2022 Dharan, Nepal

Advanced WebApp security testing techniques and emerging threats.

Secure Development and Deployment

Security Professionals Meetup January 2024 Kathmandu, Nepal

Secure coding practices, owasp to 10 prevention, DevOps mistakes

Speaking Topics

Technical Topics

  • Advanced Penetration Testing Techniques
  • Web Application Security
  • Cloud Security Architecture
  • Mobile Security Testing

Strategic Topics

  • Building Security Culture
  • Incident Response Planning
  • Risk Management Strategies
  • Security Awareness Training