About the role you're considering

Are you passionate about securing the future of cloud-native infrastructure in mission-critical environments? Join our team in Portland, OR, as a Kubernetes Security Engineer supporting the aerospace industry, where security, reliability, and precision are paramount. In this onsite role, you?ll focus on hardening and isolating Kubernetes clusters to minimize blast radius in the event of compromise. This includes enforcing Linux security modules like SELinux and AppArmor, leveraging Trusted Platform Module (TPM) for secure boot and attestation, implementing least privilege across nodes and workloads, and ensuring multi-tenant isolation within hybrid Kubernetes environments?spanning x86, ARM, and accelerator-based architectures. You?ll work hands-on with cutting-edge technologies and collaborate with cross-functional teams to build resilient, secure infrastructure that supports aerospace innovation.

Your role

• Architect and deploy security-first Kubernetes cluster configurations across diverse hardware platforms, including x86, ARM, and accelerators.
• Enforce Linux security modules (SELinux, AppArmor) and sandboxing techniques (seccomp, gVisor, Kata) to protect workloads and system services.
• Integrate TPM for secure boot and attestation, ensuring hardware and OS integrity, and support cryptographic operations with HSM/KMS systems.
• Design multi-tenant isolation strategies using namespaces, node pools, and hardware partitioning to prevent lateral movement and reduce blast radius.
• Apply least-privilege policies using RBAC, PodSecurityStandards, NetworkPolicies, and resource constraints to secure workload execution and mitigate denial-of-service risks.
• Harden Kubernetes components (API server, etcd, kubelet) using CIS and NSA benchmarks, and implement kernel-level protections like seccomp-bpf and IMA/EVM.
• Secure workload secrets using TPM-backed storage and tools like SealedSecrets, HashiCorp Vault, or SOPS for safe distribution and access control.
• Strengthen supply chain security through image signing (cosign, Notary), SBOM scanning, and CI/CD vulnerability management.
• Monitor runtime behavior with tools like Falco and Cilium Tetragon, and collaborate with SRE and Security teams to develop incident response runbooks and conduct breach simulation drills.

Your skills and experience

• Bachelor?s degree in Computer Science, Engineering, or a related technical field, with 8?10 years of experience in infrastructure, security, or systems engineering.
• Deep expertise in Kubernetes internals, including cluster hardening, multi-tenant isolation, and security architecture.
• Advanced proficiency in Linux security features such as SELinux, AppArmor, seccomp, and kernel-level protections.
• Hands-on experience with TPM for secure boot, attestation, and integration with HSM/KMS for cryptographic operations and secrets management.
• Strong understanding of Pod Security frameworks (PodSecurityStandards, OPA, Gatekeeper, Kyverno) and implementation of RBAC, NetworkPolicies, and workload isolation at scale.
• Familiarity with container runtimes (containerd, CRI-O, gVisor, Kata) and their security implications in hybrid environments.
• Experience with runtime and supply chain security tools and frameworks, including Falco, Cilium Tetragon, cosign, Notary, SLSA, and NIST 800-190.
• Knowledge of confidential computing (TEE, SGX, SEV), air-gapped deployments, and hardened Linux distributions like Flatcar and Bottlerocket.