hash3liZer

Resume

Shameer Kashif

Senior Security Engineer · Application Security, Agentic AI & Full Stack

5+Public CVEs
OSCPOSWP · eCPPTv2
FounderShellvoide · KLUE
#1CTF team in Pakistan

Application security engineer and founder specializing in Agentic AI, DevSecOps, Cloud, and Full Stack. I build agentic AI tooling for autonomous vulnerability discovery and dynamic testing, lead offensive engagements that turn into publicly credited CVEs, and embed security across CI/CD and infrastructure at scale.

Experience

Security Engineer & Founder

Shellvoide New Mexico, US

Jan 2026 to Present

Building KLUE, an autonomous security testing platform for VAPT, SAST, and DAST, wired directly into CI/CD pipelines.

  • Architected and shipped KLUE, an agentic AI penetration testing platform with reasoning based vulnerability discovery and multi model orchestration, delivering working PoCs within 24 hours of kickoff.
  • Led offensive engagements across companies and open source targets, driving full code, cloud, and application reviews and coordinating responsible disclosure into 5+ publicly credited CVEs.
  • Built production infrastructure for long running autonomous workloads with containerized multi hour agent orchestration and safe, model driven deployment.

AI Security Engineer

Nua Security (Trustline) Riyadh, Saudi Arabia

Sep 2023 to Dec 2025

Application security for a bug bounty platform, with cloud native deployments and an agentic AI autonomous pentest prototype.

  • Built the core prototype for an agentic AI autonomous penetration testing tool, integrating scanning and exploitation modules with end to end orchestration.
  • Led application security and remediation for the bug bounty platform, triaging reports and patching web and API vulnerabilities to harden production.
  • Designed and maintained containerized deployment pipelines, improving release reliability and automation.

Cyber Security Engineer

The COZM London, United Kingdom

Jun 2023 to Dec 2024

Cloud native, multi tenant AWS infrastructure with DevSecOps embedded across the SDLC.

  • Built and operated production AWS infrastructure from the ground up: multi tenant, multi cluster, auto scaling containerized environments.
  • Integrated SAST and DAST into CI/CD and established remediation workflows to catch vulnerabilities earlier.
  • Supported ISO 27001 readiness and improved system uptime by 40% through optimized deployment strategies.

Security Engineer, DevSec

Zettabyte Islamabad, Pakistan

Jan 2021 to Oct 2023

Cyber Range platform built on an OpenStack base layer with automated lab orchestration.

  • Extended the OpenStack foundation for the Cyber Range with plugins for compute, networking, and storage.
  • Built orchestration to provision multi node lab environments automatically, cutting manual setup time.
  • Ran penetration tests on client web applications and range components with remediation guidance.

Education

BS in Cyber Security

2019 to 2023

Air University, Islamabad

3.48 / 4.0 CGPA. Vice President of the Bits & Bytes Society. Built Subrake, a subdomain takeover toolkit, as the final year project.

Leadership

Co founder & COO

2021 to Present

AirOverflow

Co founded Pakistan's top CTF team. Organize tech talks, HackTheBox meetups, and live streams, and compete internationally. Leading development of ARENA, a Pakistani CTF learning and training platform.

Certifications

  • OSCPOffensive Security Certified Professional2024
  • OSWPOffensive Security Wireless Professional2024
  • eCPPTv2Certified Professional Penetration Tester2023

CTF & Awards

  • WinnerDigital Pakistan Cyber Security Hackathon, Red & Blue Team CTF2024
  • WinnerTurkish COMSEC HackMaster CTF, Istanbul2024
  • WinnerDigital Pakistan Cyber Security Hackathon CTF2023
  • CompletedDante & Zephyr Pro Labs, HackTheBox2024
  • 20th placeBlack Hat MEA CTF2024
  • QualifiedHackDay, Paris2024
  • 2nd placeDigital Pakistan Hackathon, Network Exploitation2021

Skills

Security

  • Web & API Exploitation
  • Penetration Testing
  • Secure Code Review
  • OWASP Top 10
  • SAST & DAST
  • Threat Modelling
  • Vulnerability Triage
  • Reconnaissance
  • Post Exploitation

Agentic AI

  • LangChain
  • LangGraph
  • Deep Agents
  • LLM Orchestration
  • Playwright Automation
  • Langfuse
  • RAG Pipelines

DevSecOps & Cloud

  • AWS
  • OpenStack
  • Docker
  • Kubernetes
  • Terraform
  • CI/CD
  • Snyk
  • SonarQube
  • Ansible

Engineering

  • Python
  • C / C++
  • JavaScript / TypeScript
  • Django / DRF
  • FastAPI
  • React & Next.js
  • Node.js
  • PostgreSQL / Redis