DevOps / SRE / Platform Engineer — Kathmandu, Nepal

Building resilient cloud infrastructure at scale.

I architect, automate, and optimize complex cloud environments across AWS, GCP, and Azure — turning infrastructure into a strategic advantage. Seven years of craft, curiosity, and precision.

By the numbers
7+ Years in DevOps
50% Avg. cost reduction
4 Cloud platforms mastered
5 Companies scaled
Kubernetes · AWS · Terraform · GitOps · SOC2 · FinOps
AWS Certified DevOps Pro · Kubernetes & GitOps · SOC2 & ISO Compliance · Multi-Cloud Architecture · 50% Cost Reduction · Blockchain & MLOps · Zero-Downtime Migrations · 7+ Years in Production
01

The Engineer.

Location: Kathmandu, Nepal
Current: Sr. DevOps @ Zenledger
Specialty: Kubernetes & GitOps
Status: Open to roles

I treat infrastructure as a discipline of craft — where architecture decisions matter as much as the code running on top. My work spans the full lifecycle: design, CI/CD automation, security hardening, compliance certification, and ongoing FinOps.

At Zenledger I lead SOC2 & ISO certification, HA database architecture, and zero-trust security modernization. At CloudHero, I guided enterprise clients through complex migrations across AWS, GCP, and Azure — consistently near-zero downtime.

A background in Electrical Engineering combined with ongoing study of Psychology gives me an unusual lens: rigorous systems cultures thrive.

The best infrastructure is invisible — robust enough to be forgotten, elegant enough to be admired when seen.
02

The arsenal.

Cloud Platforms
AWS · GCP · Azure · DigitalOcean · Oracle Cloud
Containers & Orchestration
Kubernetes · EKS · ECS · Docker · Containerd · Podman
CI/CD & GitOps
ArgoCD · FluxCD · GitHub Actions · GitLab CI · Jenkins · CircleCI · Bitbucket Pipelines · TravisCI
Infrastructure as Code
Terraform · OpenTofu · Terragrunt · Ansible · CloudFormation · Packer · CDK
Observability
Prometheus · Grafana · Loki · Tempo · ELK Stack · Datadog · PagerDuty · Honeybadger · ScoutAPM · Sentry · New Relic · AWS CloudWatch · AWS EventBridge · AWS CloudTrail · AWS GuardDuty · AWS Security Hub
Security & Networking
Trivy · Snyk · Checkov · Kyverno · Vault · Kong · Istio · Cilium · Cloudflare ZT
Databases
PostgreSQL · MySQL · Redis · MongoDB · TimescaleDB · Elasticsearch · Milvus · OracleDB · Microsoft SQL Server · InfluxDB · Meilisearch · DynamoDB
Practices
SRE · Platform Engineering · GitOps · Zero Trust · Shift-Left Security · Chaos Engineering · FinOps · Disaster Recovery
Other
Helm · KEDA · Snowflake · AWS Glue · Kinesis Firehose · MinIO · LitmusChaos
03

Where I've worked.

Current
Feb 2025 — Present
Zenledger
Senior DevOps Engineer
Zenledger · Remote
  • Cut monthly infrastructure costs by migrating edge security from Cloudflare to AWS WAF; built Python/Bash automation to shut down QA/Dev environments outside business hours.
  • Designed and deployed a High Availability TimescaleDB cluster; orchestrated zero-downtime major-version migration of Amazon RDS from PostgreSQL 14 to 15.
  • Replaced legacy VPN with Cloudflare Zero Trust + Tailscale, implementing identity-aware, least-privilege access across all environments.
  • Led SOC2 and ISO 27001 certification to completion; established VPC Peering across Prod/Stage/QA/Dev; managed rolling EKS and EC2 fleet upgrades with zero service disruption across 8+ clusters.
  • Designed production observability stack (Prometheus, Grafana, Grafana Alloy, PagerDuty) covering 100% of services.
AWS WAF · Cloudflare ZT · TimescaleDB · EKS · SOC2/ISO/GDPR · Datadog · Honeybadger · ScoutAPM
Nov 2023 — Feb 2025
CloudHero
Senior DevOps Engineer
CloudHero · Remote · Contract
  • Migrated client services from on-premises to AWS, GCP, Azure, and DigitalOcean (ECS/EKS) with near-zero downtime; deployed self-hosted Kubernetes on GCP with Ansible across 20+ clusters.
  • Authored a centralised Helm chart blueprint adopted company-wide; deployed Kyverno for admission control and policy enforcement across all client clusters.
  • Migrated thousands of ingress resources to Kong API Gateway; implemented Istio service mesh with canary deployments.
  • Eliminated static AWS secrets via AWS Private CA for IAM key rotation; integrated Trivy and Snyk for vulnerability scanning across all CI/CD pipelines.
  • Deployed MinIO for S3-compatible storage; built end-to-end monitoring with Prometheus, Grafana, Loki, and ELK Stack.
Kubernetes · ArgoCD · Kong · Multi-Cloud · Terraform
Jul 2021 — Feb 2024
Innovatetech
DevOps Engineer → Team Lead
Innovatetech Pvt. Ltd · Kathmandu
  • Promoted to Team Lead; led and mentored 6 engineers on IaC, GitOps, DevOps and cloud-native practices.
  • Reduced cloud spend by 50% across multi-account AWS (10+ accounts) through spot/reserved instances, right-sizing, and automated scheduling.
  • Built centralised GitLab CI pipelines with shift-left security (Snyk, Trivy, Checkov); introduced ephemeral preview environments per PR.
  • Managed EKS with HPA, KEDA, Istio, and External Secrets Operator; drove SOC2, ISO 27001, and GDPR compliance; designed DR strategy with automated AWS Backups.
  • Built end-to-end observability using Prometheus, Grafana, Loki, ELK Stack, Datadog, Sentry, and Grafana Tempo.
Cost Optimization · Team Lead · GitOps · SOC2/ISO · EKS
Feb 2020 — Jul 2021
IDenTV
DevOps Engineer
IDenTV · Remote
  • Deployed ML models on Kubernetes and bare-metal for real-time video analytics; engineered GPU sharing across pods using NVIDIA device plugin.
  • Cut monthly AWS spend from $24K to $12K (50%) through right-sizing and OpenStack consolidation; reduced manual setup time by 70%.
  • Packaged golden AMIs with pre-baked AI models (Packer + Ansible) for single-command deployments in air-gapped government environments.
  • Established DevOps practice from scratch — CI/CD (CircleCI, TravisCI), Helm charts, HashiCorp Vault, Flussonic, Milvus.
GPU Sharing · Terraform · Vault · Packer · Milvus
Jun 2021 — Present
Freelance
DevOps Consultant
Multiple Clients · Remote · Part-time
  • Blockchain: Deployed HA EVM node/validator infrastructure on EKS with sub-second RPC latency; automated smart contract pipelines with Hardhat and Foundry.
  • Marketplace & Data: Architected nested CloudFormation for AWS SaaS Marketplace; cross-cloud execution via Snowflake Container Services; real-time data pipelines with AWS Glue + Kinesis Firehose.
  • Platform: Deployed AWS Account Factory for Terraform (AFT) for multi-account vending; designed secure architectures for crypto analytics clients.
  • Data & ML: Scalable ML inference on EKS/ECS with Milvus; chaos testing with LitmusChaos; Cilium for eBPF-based networking.
EVM Nodes · Snowflake · AWS AFT · LitmusChaos · Cilium
04

What I've Worked On.

01
SOC2 & ISO Compliance Framework
End-to-end SOC2 & ISO 27001 compliance infrastructure controls covering access control, audit logging, secrets management, and continuous monitoring.
Successful SOC2 and ISO 27001 certifications with zero critical findings
Kyverno · Vault · Trivy · Terraform · CloudWatch
Security & Compliance
02
High-Availability EVM Node Infrastructure
Production-grade EVM node clusters and Validator infrastructure on Amazon EKS. Sub-second RPC latency through optimized networking.
Sub-second RPC latency with 99.99% uptime for distributed ledger operations
EKS · Kubernetes · Terraform · Hardhat · Foundry
Blockchain Infrastructure
03
Cross-Cloud Snowflake Marketplace Distribution
Nested CloudFormation templates for SaaS distribution leveraging Snowflake Container Services for cross-cloud execution.
Cross-cloud native app distribution meeting strict metering and compliance requirements
Snowflake · CloudFormation · AWS · Azure · Docker
Multi-Cloud / Data
04
Per-PR Immutable Preview Environments
GitOps-driven system spinning up fully isolated preview environments for every pull request with auto-teardown.
Reduced deployment feedback loops from days to minutes
ArgoCD · GitHub Actions · Kubernetes · Helm · Terraform
Platform Engineering
05
GPU-Sharing ML Inference Platform
Production Kubernetes platform enabling GPU sharing across multiple pods for real-time ML video analytics.
Over 60% reduction in per-inference infrastructure costs
Kubernetes · NVIDIA MPS · EKS · Prometheus · Grafana
MLOps / GPU Infrastructure
06
AWS Multi-Account Factory with Terraform
AWS Account Factory for Terraform automating account vending with consistent security baselines.
Automated provisioning with consistent security baselines in under 30 minutes
AWS AFT · Terraform · Control Tower · IAM · SCP
Cloud Governance
05

From the field.

All articles on Medium ↗
06

Full CV.

Full work history, certifications, education, and detailed project breakdowns.

Let's build.

Whether it's a migration, a greenfield architecture, or a compliance sprint — I'd love to hear about it.