Senior Container Security Engineer

We’re seeking a Container Security Engineer to join our EPEO – Security Services team and lead efforts to secure our containerized environments. You will be responsible for designing, implementing, and maintaining security controls across our Docker, Kubernetes, and other container-orchestration platforms. Your expertise will help ensure our development pipelines and production workloads remain resilient against emerging threats in the cloud-native landscape.

Develop and maintain security policies, standards, and best practices for container images, registries, and orchestration platforms (Docker, Kubernetes, OpenShift, etc.).

Integrate security scanning and vulnerability management tools into CI/CD pipelines (e.g., Cycode, Mondoo, etc.,).

Harden container runtimes, host operating systems, network policies, and cluster configurations against misconfigurations and attacks.

Perform threat modelling and risk assessments specific to containerized workloads (e.g., privilege escalations, supply chain risks).

Monitor container runtime and orchestration logs for suspicious activities; respond to and investigate security incidents.

Collaborate with DevOps, Cloud, and Application teams to embed “shift-left” security practices and provide training on secure container development.

Lead periodic penetration tests, red-team exercises, and configuration reviews of cluster environments.

Evaluate and recommend emerging container-security solutions, keeping abreast of CNCF projects and industry trends.

Document security architecture, runbooks, and remediation guidelines for engineering teams.

Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).

3+ years of hands-on experience securing containerized applications in production.

Deep understanding of Docker and Kubernetes security primitives (Pod Security Policies, RBAC, Network Policies, etc.).

Proficiency with container-security tooling and vulnerability scanners.

Familiarity with CI/CD systems (Jenkins, GitLab CI, Tekton, etc.) and Infrastructure-as-Code (Terraform, Ansible, CloudFormation).

Strong Linux administration skills and knowledge of host hardening best practices.

Experience with cloud platforms (AWS, Azure, GCP) and their container services (EKS, AKS, GKE).

Solid scripting skills (Bash, Python, Go, etc.) to automate security checks and integrations.

Preferred Skills & Certifications

Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), or equivalent.

Cloud security certification (CCSP, AWS Security Specialty, Azure Security Engineer).

Experience with service meshes (Istio, Linkerd) and container networking security.

Knowledge of container registry management and image signing (Cosign, Binary Authorization).

Familiarity with Linux seccomp, AppArmor, SELinux, and other kernel-level security controls.

Prior experience in threat hunting, incident response, or forensics within container environments.