K3s Security Engineer

at Capgemini

Mid Level | No visa sponsorship | Cybersecurity

Posted 6 days ago

Compensation: Not specified (currency: UAH)
City: Not specified
Country: Ukraine

Security Engineer specializing in hardening and isolating K3s clusters to minimize blast radius in the event of a compromise, focusing on Linux security modules (SELinux, AppArmor), TPM-backed attestation, least-privilege enforcement, and multi-tenant isolation across hybrid Kubernetes environments. The role covers security architecture and policy enforcement, blast radius reduction, identity and secrets integration, runtime and supply chain security, and monitoring and incident response. It requires hands-on experience with K3s/Kubernetes internals, security tooling (SELinux/AppArmor, seccomp, SBOMs, image signing), and a mindset of defense-in-depth, with remote/overlap hours across time zones.

At Capgemini Engineering, the world leader in engineering services, we bring together a global team of engineers, scientists, and architects to help the world’s most innovative companies unleash their potential. From autonomous cars to life-saving robots, our digital and software technology experts think outside the box as they provide unique R&D and engineering services across all industries. Join us for a career full of opportunities. Where you can make a difference. Where no two days are the same.

Overview

We are looking for a Security Engineer specializing in hardening and isolating K3s clusters to minimize blast radius in the event of compromise. This role focuses on Linux security modules (SELinux, AppArmor), TPM-backed attestation, least-privilege enforcement, and multi-tenant isolation across hybrid Kubernetes environments (x86, ARM, accelerators).

This position requires 4–5 hours of overlap with PST.

Key Responsibilities

Security Architecture & Policy Enforcement

  • Design and implement security-first configurations for K3s cluster nodes.
  • Enforce mandatory access control (MAC) via SELinux and AppArmor for pods and system services.
  • Integrate TPM-backed secure boot and attestation pipelines to guarantee hardware/OS integrity.
  • Design isolation boundaries across nodes, pods, namespaces, and workloads.
  • Harden cluster components (API server, etcd, kubelet) according to CIS and NSA Kubernetes security benchmarks.

Blast Radius Reduction

  • Define and enforce workload sandboxing systems (seccomp, AppArmor, SELinux, gVisor, Kata Containers).
  • Implement least-privilege policies across RBAC, Pod Security Standards, and NetworkPolicies.
  • Apply namespace, node pool, and hardware partitioning strategies for multi-tenancy.
  • Use quotas, limits, taints, tolerations, and scheduler constraints to reduce DoS blast radius.

Identity & Secrets Integration

  • Collaborate with the Security team on strong identity, authentication, and authorization models.
  • Integrate TPM-backed secrets, HSM/KMS systems, and secure bootstrapping.
  • Implement secure secret distribution solutions (SealedSecrets, Vault, SOPS).

Runtime & Supply Chain Security

  • Enforce image signing and verification (cosign, Notary).
  • Integrate SBOM generation and vulnerability scanning into CI/CD.
  • Deploy runtime anomaly detection (Falco, Cilium Tetragon, etc.).
  • Apply Linux kernel hardening: seccomp-bpf, IMA/EVM, kernel lockdown.

Monitoring & Incident Response

  • Build observability for audit logs, syscall monitoring, TPM attestations, and kernel events.
  • Create incident response runbooks focused on containment and blast-radius reduction.
  • Partner with SRE/Security teams for chaos drills and breach simulations.

Required Skills and Experience

  • Strong understanding of K3s and Kubernetes internals and native security features.
  • Hands-on experience with SELinux, AppArmor, seccomp, and Linux capabilities.
  • Experience with TPM for secure boot and attestation workflows.
  • Deep knowledge of Pod Security, including Pod Security Standards, OPA Gatekeeper, and Kyverno.
  • Proficiency with RBAC, NetworkPolicies, and multi-tenant isolation.
  • Solid background in Linux kernel security and low-level debugging.
  • Familiarity with container runtimes such as containerd, CRI-O, gVisor, and Kata.
  • Experience with forensic data collection, audit logging, and Kubernetes IR.

Nice to Have

  • Contributions to Kubernetes SIG-Security or security tooling.
  • Knowledge of supply chain security frameworks like SLSA and NIST 800-190.
  • Experience with confidential computing including SGX, SEV, and TEE.
  • Hands-on with Cilium Tetragon, Falco, or similar runtime security tools.
  • Familiarity with air-gapped clusters and hardened OS like Flatcar or Bottlerocket.

What You Will Love About Working Here

We care about all our employees and want them to feel as comfortable as possible. That's why we offer health insurance from the first days, regardless of the probationary period.

  • The Gift from the Company: Christmas holidays from December 25 to December 31.
  • Cooperation with Superhumans center and Veteran HUB. Capgemini Engineering has supported the launch of the psychological rehabilitation department of Superhumans. Our team also donated over UAH 500 000 toward prosthetics for three Ukrainian defenders. Currently, we support psychological counseling provided by the Veteran Hub, and we have implemented an internal policy making the company friendly to military and veterans with the assistance of the Hub.

Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With a strong heritage of over 55 years, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market-leading capabilities in AI, generative AI, cloud and data, combined with its deep industry expertise and partner ecosystem.
