Role: K3s Security Engineer
Work location: Portland OR
Job Description:
K3s Security & Isolation Specialist
Context:
- The Security Engineer will focus on hardening and isolating K3s clusters to minimize blast radius in the event of compromise. This includes enforcing Linux security modules (SELinux, AppArmor), leveraging the TPM for secure boot and attestation, implementing least privilege across nodes and workloads, and ensuring multi-tenant isolation within hybrid Kubernetes environments (x86, ARM, accelerators).
Key Responsibilities:
Security Architecture & Policy Enforcement
Design and implement security-first cluster configurations for K3s nodes.
Enforce mandatory access control (MAC) using SELinux and AppArmor profiles for pods and system services.
Integrate TPM-based attestation and secure boot for cluster nodes to ensure trust in hardware and OS integrity.
Establish node, pod, and namespace isolation strategies to reduce lateral movement risk.
Harden cluster components (API server, etcd, kubelet) following the CIS Kubernetes Benchmark and the NSA/CISA Kubernetes Hardening Guidance.
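An added example (not part of the posting, and not official K3s configuration) of what a security-first K3s server configuration looks like in practice, following the settings the K3s CIS hardening guide describes: the server `config.yaml`, plus the admission-control and audit-policy files it references. The file paths under `/var/lib/rancher/k3s/server/`, the exempted namespace list and the rate-limit numbers are assumptions for this example; every key and flag is a documented K3s, kube-apiserver, kube-controller-manager or kubelet option.

```yaml
# /etc/rancher/k3s/config.yaml  (added example; K3s server node)
# File paths, exemptions and limits below are assumptions; the flags are real.
selinux: true                      # requires the k3s-selinux package; confines containers as container_t
protect-kernel-defaults: true      # kubelet refuses to start if the host sysctls are not hardened
secrets-encryption: true           # encrypt Secrets at rest in the datastore
kube-apiserver-arg:
  - "enable-admission-plugins=NodeRestriction,EventRateLimit"
  - "admission-control-config-file=/var/lib/rancher/k3s/server/admission.yaml"
  - "audit-policy-file=/var/lib/rancher/k3s/server/audit-policy.yaml"
  - "audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log"
  - "audit-log-maxage=30"
  - "audit-log-maxbackup=10"
  - "audit-log-maxsize=100"
  - "request-timeout=300s"
  - "service-account-lookup=true"   # reject tokens whose ServiceAccount no longer exists
kube-controller-manager-arg:
  - "terminated-pod-gc-threshold=10"
  - "use-service-account-credentials=true"   # one identity per controller, not one shared admin
kubelet-arg:
  - "streaming-connection-idle-timeout=5m"
  - "make-iptables-util-chains=true"
  - "event-qps=0"                   # do not drop node events client-side; audit may need them
---
# /var/lib/rancher/k3s/server/admission.yaml
# Pod Security Admission: enforce the "restricted" profile cluster-wide, exempting
# only the system namespace that must run privileged components.
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
  - name: PodSecurity
    configuration:
      apiVersion: pod-security.admission.config.k8s.io/v1
      kind: PodSecurityConfiguration
      defaults:
        enforce: "restricted"
        enforce-version: "latest"
        audit: "restricted"
        audit-version: "latest"
        warn: "restricted"
        warn-version: "latest"
      exemptions:
        usernames: []
        runtimeClasses: []
        namespaces: ["kube-system"]
  - name: EventRateLimit
    configuration:
      apiVersion: eventratelimit.admission.k8s.io/v1alpha1
      kind: Configuration
      limits:
        - type: Server
          qps: 5000
          burst: 20000
---
# /var/lib/rancher/k3s/server/audit-policy.yaml
# First matching rule wins: Secret and ConfigMap bodies are never written to the log,
# RBAC changes and pod exec/attach are logged in full, everything else as metadata.
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets", "configmaps"]
  - level: RequestResponse
    verbs: ["create", "update", "patch", "delete"]
    resources:
      - group: "rbac.authorization.k8s.io"
  - level: Request
    resources:
      - group: ""
        resources: ["pods/exec", "pods/attach", "pods/portforward"]
  - level: Metadata
```

`protect-kernel-defaults: true` only works if the host already sets `vm.panic_on_oom=0`, `vm.overcommit_memory=1`, `kernel.panic=10` and `kernel.panic_on_oops=1` (for example in `/etc/sysctl.d/90-kubelet.conf`); otherwise the kubelet exits rather than silently weakening the node. After starting the server, `kube-bench` run with the K3s CIS profile is the practical check that the flags actually took effect.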
Blast Radius Reduction
Define and enforce workload sandboxing strategies (seccomp, AppArmor, SELinux contexts, gVisor/Kata where applicable).
Configure minimal privilege policies (RBAC, Pod Security Standards, NetworkPolicies) to ensure least-privilege execution.
Implement namespace, node pool, and hardware partitioning to confine workloads and protect sensitive applications.
Apply resource quotas, limits, and scheduling constraints to contain the blast radius of denial-of-service conditions.
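An added example (not from the posting) of how those containment controls combine for a single tenant namespace: Pod Security Admission labels, a default-deny NetworkPolicy with a DNS-only egress exception, a ResourceQuota, a ServiceAccount that mounts no API token by default, and a Pod that satisfies the restricted profile and is pinned to a dedicated, tainted node pool. The namespace name `tenant-a`, the node label/taint `pool=tenant-a`, the image reference and the quota numbers are assumptions.

```yaml
# Added example: containment controls for one tenant namespace.
# Namespace, label values, image and quota figures are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a
  labels:
    pod-security.kubernetes.io/enforce: restricted   # rejects privileged, hostPath, hostNetwork, root pods
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
# Default deny: no ingress and no egress for every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# The only egress hole: DNS to CoreDNS in kube-system (K3s labels it k8s-app=kube-dns).
# Any other destination needs its own narrowly scoped policy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - { protocol: UDP, port: 53 }
        - { protocol: TCP, port: 53 }
---
# Bound what a runaway or malicious workload can take from shared compute.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: tenant-a-quota
  namespace: tenant-a
spec:
  hard:
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
---
# Workload identity with no API token mounted unless a pod explicitly opts in.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app
  namespace: tenant-a
automountServiceAccountToken: false
---
# A pod that passes the restricted profile and can only land on the tenant's pool.
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: tenant-a
spec:
  serviceAccountName: app
  nodeSelector:
    pool: tenant-a                       # assumed node label on the dedicated pool
  tolerations:
    - key: "pool"                        # pool nodes carry taint pool=tenant-a:NoSchedule,
      operator: "Equal"                  # so other tenants' pods are never scheduled there
      value: "tenant-a"
      effect: "NoSchedule"
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: registry.example.com/tenant-a/app:1.0.0   # assumed; pin by digest in production
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:
        requests: { cpu: "100m", memory: 128Mi }
        limits:   { cpu: "500m", memory: 256Mi }
```

Two checks worth running after applying this: `kubectl run` a pod with `hostNetwork: true` in `tenant-a` and confirm the admission controller rejects it, and `kubectl exec` into the `app` pod and confirm that anything other than port 53 to kube-dns times out. NetworkPolicy is enforced by the CNI, so on K3s this requires a CNI that implements it (the bundled Flannel does not on its own; K3s ships a network policy controller, or Cilium/Calico can replace Flannel).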
Integration with Identity & Secrets Management
Work with Security team to ensure strong identity authentication and authorization models.
Integrate TPM-backed secrets storage and HSM/KMS systems for cryptographic operations.
Ensure secure distribution of workload secrets with solutions like SealedSecrets HashiCorp Vault or SOPS.
Runtime & Supply Chain Security
Enforce image signing and verification with cosign or Notary.
Integrate SBOM scanning and vulnerability management into CI/CD pipelines.
Monitor workloads for runtime anomalies (Falco, Cilium Tetragon, or equivalent).
Apply kernel hardening measures (seccomp-bpf, kernel lockdown, IMA/EVM with TPM).
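An added example (not from the posting, and not Kyverno's or cosign's own documentation) of enforcing image signing at admission time with Kyverno, which the skills list names alongside cosign: the first policy rejects any Pod whose images from the trusted registry lack a valid cosign signature and rewrites tag references to the verified digest; the second rejects images from anywhere else, so an image that never reaches the verification rule cannot slip past it. The registry prefix `registry.example.com` and the public-key placeholder are assumptions; the key is whatever `cosign generate-key-pair` produced for the signing pipeline.

```yaml
# Added example: signature verification at admission with Kyverno.
# registry.example.com and the public key are placeholders.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-image-signatures
spec:
  validationFailureAction: Enforce     # block, do not merely report
  background: false                    # verifyImages only applies at admission time
  webhookTimeoutSeconds: 30
  rules:
    - name: require-cosign-signature
      match:
        any:
          - resources:
              kinds: ["Pod"]
      exclude:
        any:
          - resources:
              namespaces: ["kube-system"]
      verifyImages:
        - imageReferences:
            - "registry.example.com/*"   # assumed: the only registry workloads may pull from
          required: true
          mutateDigest: true             # replace :tag with @sha256:<verified digest>
          verifyDigest: true
          attestors:
            - count: 1
              entries:
                - keys:
                    publicKeys: |-
                      -----BEGIN PUBLIC KEY-----
                      REPLACE_WITH_THE_CONTENTS_OF_cosign.pub
                      -----END PUBLIC KEY-----
---
# Companion rule: images outside the trusted registry are rejected outright.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-image-registries
spec:
  validationFailureAction: Enforce
  rules:
    - name: trusted-registry-only
      match:
        any:
          - resources:
              kinds: ["Pod"]
      validate:
        message: "images must be pulled from registry.example.com"
        foreach:
          - list: "request.object.spec.[ephemeralContainers, initContainers, containers][]"
            pattern:
              image: "registry.example.com/*"
```

The pipeline side is `cosign sign --key cosign.key` against the image digest after the build and scan stages pass; the admission side then verifies with the matching public key and `mutateDigest` ensures the running container is exactly the artifact that was signed, not whatever the tag points to later. The `exclude` on `kube-system` is deliberate: K3s's own packaged components are not signed with the tenant key, so covering them would need a second attestor entry rather than a looser policy.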
Monitoring & Incident Response
Build observability hooks for security events (audit logs, syscall monitoring, TPM attestations).
Define blast radius response runbooks for compromised pods or nodes.
Work with SRE and Security teams to test chaos/security drills simulating breaches.
Mandatory skills and skill proficiencies required:
Strong knowledge of K3s/Kubernetes internals especially security features.
Hands-on experience with SELinux, AppArmor, seccomp, and Linux capabilities.
Experience with TPM (Trusted Platform Module) for secure boot and attestation.
Deep understanding of Pod Security (Pod Security Standards and Pod Security Admission, which replaced PodSecurityPolicies when they were removed in Kubernetes 1.25; OPA/Gatekeeper, Kyverno).
Experience implementing RBAC, NetworkPolicies, and workload isolation at scale.
Proficiency in Linux kernel security mechanisms and debugging.
Familiarity with container runtimes (containerd, CRI-O, gVisor, Kata) and their security implications.
Strong background in incident response, forensic data collection, and audit logging in Kubernetes.
Optional skills and skill proficiencies:
Contributions to Kubernetes SIG-Security or open-source security tooling.
Experience with supply chain security frameworks (SLSA, NIST SP 800-190).
Familiarity with confidential computing (TEE/SGX/SEV) for workload isolation.
Hands-on with Cilium Tetragon, Falco, or other runtime security tools.
Knowledge of air-gapped deployments and hardened Linux distributions (e.g. Flatcar, Bottlerocket).
Required Skills:
K3s, Kubernetes, SELinux, Trusted Platform Module, RBAC, Pod Security