SRE - Security Engineer

### **About the Role**

We are seeking a Security Engineer to design, implement, and maintain security controls across our cloud\-native infrastructure and Kubernetes platforms. The ideal candidate will have strong expertise in Kubernetes security, GitOps practices, container security, threat detection, vulnerability management, and application security. You will work closely with Platform Engineering, SRE, DevOps, and Development teams to ensure security is embedded throughout the software delivery lifecycle.

• *Key Responsibilities**
• -----------------------

### **Kubernetes \& Platform Security**

• Design, implement, and maintain security controls for Kubernetes clusters and containerized workloads.
• Establish and enforce Kubernetes security best practices, including RBAC, Network Policies, Pod Security Standards, admission controllers, and secrets management.
• Secure container images, registries, and deployment pipelines.
• Perform security assessments and hardening of Kubernetes environments.

### **GitOps \& CI/CD Security**

• Implement and maintain secure GitOps workflows using Helm and ArgoCD.
• Integrate security controls into CI/CD pipelines, including automated security scanning and policy enforcement.
• Review deployment processes to ensure compliance with security standards.
• Collaborate with engineering teams to embed DevSecOps practices across the software development lifecycle.

### **Threat Detection \& Incident Response**

• Deploy, manage, and optimize security monitoring and threat detection solutions.
• Configure and maintain runtime security monitoring using Falco.
• Investigate security alerts, incidents, and suspicious activities within cloud\-native environments.
• Develop and maintain incident response procedures and playbooks.

### **Vulnerability Management**

• Manage container and infrastructure vulnerability scanning using Trivy.
• Analyze security findings, prioritize remediation efforts, and coordinate fixes with engineering teams.
• Track vulnerability metrics and ensure timely remediation of critical risks.

### **Security Monitoring \& SIEM**

• Deploy, configure, and maintain Wazuh for security monitoring, log analysis, and compliance reporting.
• Create detection rules, dashboards, and alerts to improve security visibility.
• Correlate events from multiple sources to identify potential threats.

### **Application \& Web Security**

• Implement and maintain Web Application Firewall (WAF) solutions.
• Conduct application security assessments aligned with OWASP Top 10 recommendations.
• Work with development teams to identify and remediate application security vulnerabilities.
• Establish secure coding and deployment practices.

### **Governance, Risk \& Compliance**

• Develop security standards, policies, and operational procedures.
• Support security audits, compliance initiatives, and risk assessments.
• Maintain documentation for security architecture, controls, and operational processes.

• *Required Qualifications**
• --------------------------

### **Technical Skills**

• Strong hands\-on experience with **Kubernetes (K8s)** administration and security.
• Experience with **Helm** and **ArgoCD** in production environments.
• Experience implementing **GitOps** and securing CI/CD pipelines.
• Expertise in **Falco** for runtime threat detection and monitoring.
• Experience with **Trivy** for vulnerability scanning and container security.
• Hands\-on experience with **Wazuh** SIEM/XDR platform.
• Strong understanding of **Web Application Firewalls (WAF)** and **OWASP Top 10** security risks.
• Knowledge of container security, image hardening, and Kubernetes workload protection.
• Experience with Linux system administration and security hardening.
• Familiarity with Infrastructure as Code and automation practices.

### **Security Knowledge**

• Container and Kubernetes security.
• Cloud\-native security architecture.
• Vulnerability management and remediation processes.
• Security monitoring, incident response, and threat hunting.
• Identity and access management principles.
• Secure software development lifecycle (SSDLC).

• *Preferred Qualifications**
• ---------------------------

• Experience working alongside SRE, Platform Engineering, or DevOps teams.
• Security certifications such as:

+ CKS (Certified Kubernetes Security Specialist)

+ CKA (Certified Kubernetes Administrator)

+ CISSP

+ GSEC

+ Security\+

• Experience with cloud platforms (GCP, AWS, or Azure).
• Experience implementing security policies using OPA/Gatekeeper or Kyverno.
• Knowledge of SOC operations and compliance frameworks (ISO 27001, SOC2, PCI\-DSS, NIST).