Sr. Kubernetes Security Engineer
Listed on 2026-01-04
IT/Tech
Cybersecurity, Systems Engineer
About the Role You're Considering
Are you passionate about securing the future of cloud‑native infrastructure in mission‑critical environments? Join our team in Portland, OR, as a Kubernetes Security Engineer supporting the aerospace industry, where security, reliability, and precision are paramount. In this onsite role, you’ll focus on hardening and isolating Kubernetes clusters to minimize blast radius in the event of compromise. This includes enforcing Linux security modules like SELinux and AppArmor, leveraging the Trusted Platform Module (TPM) for secure boot and attestation, implementing least privilege across nodes and workloads, and ensuring multi‑tenant isolation within hybrid Kubernetes environments—spanning x86, ARM, and accelerator‑based architectures.
You’ll work hands‑on with cutting‑edge technologies and collaborate with cross‑functional teams to build resilient, secure infrastructure that supports aerospace innovation.
Your Role
- Architect and deploy security‑first Kubernetes cluster configurations across diverse hardware platforms, including x86, ARM, and accelerators.
- Enforce Linux security modules (SELinux, AppArmor) and sandboxing techniques (seccomp, gVisor, Kata) to protect workloads and system services.
- Integrate TPM for secure boot and attestation, ensuring hardware and OS integrity, and support cryptographic operations with HSM/KMS systems.
- Design multi‑tenant isolation strategies using namespaces, node pools, and hardware partitioning to prevent lateral movement and reduce blast radius.
- Apply least‑privilege policies using RBAC, Pod Security Standards, Network Policies, and resource constraints to secure workload execution and mitigate denial‑of‑service risks.
- Harden Kubernetes components (API server, etcd, kubelet) using CIS and NSA benchmarks, and implement kernel‑level protections like seccomp‑bpf and IMA/EVM.
- Secure workload secrets using TPM‑backed storage and tools like Sealed Secrets, HashiCorp Vault, or SOPS for safe distribution and access control.
- Strengthen supply chain security through image signing (cosign, Notary), SBOM scanning, and CI/CD vulnerability management.
- Monitor runtime behavior with tools like Falco and Cilium Tetragon, and collaborate with SRE and Security teams to develop incident response runbooks and conduct breach simulation drills.
- Bachelor’s degree in Computer Science, Engineering, or a related technical field, with 8–10 years of experience in infrastructure, security, or systems engineering.
- Deep expertise in Kubernetes internals, including cluster hardening, multi‑tenant isolation, and security architecture.
- Advanced proficiency in Linux security features such as SELinux, AppArmor, seccomp, and kernel‑level protections.
- Hands‑on experience with TPM for secure boot, attestation, and integration with HSM/KMS for cryptographic operations and secrets management.
- Strong understanding of Pod Security frameworks (Pod Security Standards, OPA, Gatekeeper, Kyverno) and implementation of RBAC, Network Policies, and workload isolation at scale.
- Familiarity with container runtimes (containerd, CRI‑O, gVisor, Kata) and their security implications in hybrid environments.
- Experience with runtime and supply chain security tools and frameworks, including Falco, Cilium Tetragon, cosign, Notary, SLSA, and NIST 800‑190.
- Knowledge of confidential computing (TEE, SGX, SEV), air‑gapped deployments, and hardened Linux distributions like Flatcar and Bottlerocket.
The base compensation range for this role in the posted location is: $108,000 - $148,000
Capgemini provides compensation range information in accordance with applicable national, state, provincial, and local pay transparency laws. The base compensation range listed for this position reflects the minimum and maximum target compensation Capgemini, in good faith, believes it may pay for the role at the time of this posting. This range may be subject to change as permitted by law.
The actual compensation offered to any candidate may fall outside of the posted range and will be determined based on multiple factors legally permitted in the applicable jurisdiction.
It is not typical for candidates…