ExecutivePlacements.com
Responsibilities
Standards & Policy Development: Author, maintain, and socialize container security standards, baseline configurations, and operational runbooks; define control requirements for Kubernetes clusters and Docker runtimes (networking, RBAC, secrets, compliance, logging).
Control Design & Implementation: Engineer and deploy container-specific security controls across the estate (on‑prem & cloud), including Kubernetes RBAC, NetworkPolicies, PodSecurity standards (or replacements), admission controls (OPA/Gatekeeper/Kyverno), image security (registry governance, signing/verification, SBOM, vulnerability management), runtime protection (CIS benchmarks, syscall/behavior policies, workload isolation, secrets management) and secure CI/CD integrations (image scanning gates, IaC security checks, policy‑as‑code).
Operational Support: Own day‑to‑day health and performance of deployed controls; troubleshoot issues with clusters, workloads, and pipelines; partner with platform engineering/SRE to triage, remediate, and tune policies without breaking delivery velocity.
Documentation & Enablement: Produce clear, actionable documentation—standards, architecture diagrams, procedures, FAQs, and "how‑to" guides; provide guidance and training to engineering teams to adopt secure‑by‑default patterns.
Broader Cybersecurity Support: Contribute to vulnerability management, incident response (for containerized workloads), audit support, and control assurance; participate in threat modeling for new services and changes.
Required Qualifications
OS Expertise: Proficient in both Windows and Linux administration and security fundamentals.
Containers: 3+ years hands‑on experience with Docker and Kubernetes (design, deployment, security hardening).
Security Engineering: Proven ability to design, implement, and operationalize technical controls in production environments.
Networking & Access Control: Solid grasp of container networking (CNI), service‑to‑service policies, identity/RBAC, and secrets handling.
DevSecOps Mindset: Experience integrating security into CI/CD (e.g., image scanning, policy gates, IaC checks).
Documentation: Strong technical writing skills (standards, procedures, diagrams).
Work Style: Able to work independently with minimal oversight; strong ownership and follow‑through.
Preferred Qualifications
Cloud: Experience with Microsoft Azure (AKS, ACR, Azure Defender/Defender for Cloud, Key Vault, Azure Policy).
Security Tools & Frameworks: Familiarity with admission/policy tools (OPA/Gatekeeper, Kyverno), image scanning (Trivy, Aqua, Prisma, Clair), SBOM (CycloneDX), Kubernetes security benchmarks (CIS), Pod Security standards, runtime protection.
Infrastructure as Code & Automation: Terraform, Bicep/ARM, Helm, GitHub Actions/Azure DevOps pipelines.
Logging/Monitoring: Experience with centralized logging and metrics for containers (e.g., Prometheus, Grafana, ELK/EFK).
Compliance & Assurance: Experience mapping controls to frameworks (CIS, NIST CSF, ISO 27001, PCI, SOC 2) for containerized workloads.
Certifications (nice to have): AZ‑500, CKA/CKS, Security+, CISSP, CCSP.
Core Competencies
Technical Depth & Pragmatism: Balances strong security posture with developer productivity and uptime.
Problem Solving: Diagnoses complex production issues across networking, policy, identity, and runtime.
Communication: Explains trade‑offs, documents clearly, and influences stakeholders.
Ownership & Autonomy: Drives initiatives end to end (requirements, build, deploy, monitor, and improve).
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
Industries: Advertising Services