Kubernetes Security and Isolation Engineer Job in Portland

875 IT & Software Developer jobs in the US

Company Size

5k+

Company Type

Services

Exp Level

Regular

Job Type

Full-Time

Language

English

Visa sponsorship

Requirements

Must:

I am seeking candidates with the following qualifications: - A Bachelor's degree in Computer Science, Engineering, or a related technical field, with 8–10 years of experience in infrastructure, security, or systems engineering. - In-depth knowledge of Kubernetes internals (especially K3s), focusing on cluster hardening, multi-tenant isolation, and security architecture. - Advanced skills in Linux security features, including SELinux, AppArmor, seccomp, and kernel-level protections. - Practical experience with TPM for secure boot, attestation, and integration with HSM/KMS for cryptographic operations and secrets management. - A solid understanding of Pod Security frameworks (PodSecurityStandards, OPA, Gatekeeper, Kyverno) and the implementation of RBAC, NetworkPolicies, and workload isolation at scale. - Familiarity with container runtimes (containerd, CRI-O, gVisor, Kata) and their security implications within hybrid environments. - Experience with runtime and supply chain security tools and frameworks, such as Falco, Cilium Tetragon, cosign, Notary, and NIST 800-190. - Knowledge of confidential computing technologies (TEE, SGX, SEV), air-gapped deployments, and hardened Linux distributions like Flatcar and Bottlerocket.

Technologies

ARM

CI/CD

HSM

REST

RBAC

SEV

SGX

Responsibilities

In this role, I will be responsible for: - Designing and deploying security-first Kubernetes K3s cluster configurations across various hardware platforms, including x86, ARM, and accelerators. - Implementing Linux security modules (SELinux, AppArmor) and sandboxing techniques (seccomp, gVisor, Kata) to safeguard workloads and system services. - Integrating TPM for secure boot and attestation, ensuring hardware and OS integrity, while supporting cryptographic operations with HSM/KMS systems. - Creating multi-tenant isolation strategies utilizing namespaces, node pools, and hardware partitioning to prevent lateral movement and reduce blast radius. - Enforcing least-privilege policies through RBAC, PodSecurityStandards, NetworkPolicies, and resource constraints to secure workload execution and mitigate denial-of-service risks. - Hardening Kubernetes components (API server, etcd, kubelet) using CIS and NSA benchmarks and applying kernel-level protections like seccomp-bpf and IMA/EVM. - Protecting workload secrets with TPM-backed storage and tools like SealedSecrets, HashiCorp Vault, or SOPS for secure distribution and access control. - Enhancing supply chain security by implementing image signing (cosign, Notary), SBOM scanning, and CI/CD vulnerability management. - Monitoring runtime behavior using tools like Falco and Cilium Tetragon, while collaborating with SRE and Security teams to develop incident response runbooks and carry out breach simulation drills.

Description

I am excited to welcome dedicated individuals to our team in Portland, OR, who are eager to advance the future of cloud-native infrastructure in mission-critical environments, particularly within the aerospace sector, where security, reliability, and precision are of utmost importance. This onsite position requires a focus on hardening and isolating K3s clusters to minimize risk in case of compromise. I encourage you to join our dynamic team, where you will work with cutting-edge technologies, collaborating with cross-functional teams to build resilient, secure systems that facilitate innovation in the aerospace industry. At Capgemini, we are committed to supporting every facet of your well-being during the different phases of your professional life. We offer flexible working options, comprehensive healthcare plans that include dental and mental health, financial well-being programs (like 401(k) and Employee Share Ownership Plan), paid time off, parental leave, benefits for family building, and social well-being perks. We also provide mentoring and coaching opportunities as part of our learning programs. Capgemini Engineering is a renowned leader in engineering and R&D services, merging extensive industry knowledge with advanced technologies to support the integration of physical and digital realms. With a commitment to digital and sustainable transformation, our diverse team operates globally, creating significant impacts for enterprises and society alike. Come be part of our journey!

Something wrong or incorrect with this job? Tell us in the chat 💬 on the right ➡️

IT & Software developer jobs in the USSecurity Engineer jobs in the USSecurity Engineer jobs Portland, OR

You can find Cyber Security Engineer salaries in the United States here.

How many Cyber Security Engineer jobs are in the United States?

Currently, there are 875 Security openings. Check also: IAM jobs, SAML jobs, Cisco jobs, Splunk jobs - all with salary brackets.

Is the US a good place for Cyber Security Engineers?

The US is one of the best countries to work as a Cyber Security Engineer. It has a vibrant startup community, growing tech hubs and, most important: lots of interesting jobs for people who work in tech.

Which companies are hiring for Cyber Security Engineer jobs in the United States?

Sperasoft, Giesecke+Devrient, Archon Systems Inc, Puter Technologies Inc., LGS, une Société IBM / an IBM Company, Knox Systems, Finra among others, are currently hiring for Security roles in the United States.

The company with most openings is Leidos as they are hiring for 89 different Cyber Security Engineer jobs in the United States. They are probably quite committed to find good Cyber Security Engineers.