Kubernetes K3s Security & Isolation Engineer presso Capgemini Engineering

%3Ch4%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3E%3Cspan style=%22line-height:115%;%22%3EAbout the job you%27re considering%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/span%3E%3C/h4%3E%3Cp%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EAre you passionate about securing the future of cloud-native infrastructure in mission-critical environments? Join our team in Portland, OR, as a Kubernetes K3s Security %26amp; Isolation Engineer supporting the aerospace industry, where security, reliability, and precision are paramount. In this onsite role, you’ll focus on hardening and isolating K3s clusters to minimize blast radius in the event of compromise. This includes enforcing Linux security modules like SELinux and AppArmor, leveraging Trusted Platform Module (TPM) for secure boot and attestation, implementing least privilege across nodes and workloads, and ensuring multi-tenant isolation within hybrid Kubernetes environments—spanning x86, ARM, and accelerator-based architectures. You’ll work hands-on with cutting-edge technologies and collaborate with cross-functional teams to build resilient, secure infrastructure that supports aerospace innovation.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/p%3E%3Ch4%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3E%3Cspan style=%22line-height:115%;%22%3EYour role%3C/span%3E%3C/span%3E%3C/h4%3E%3Cul%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EArchitect and deploy security-first Kubernetes K3s cluster configurations across diverse hardware platforms, including x86, ARM, and accelerators.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EEnforce Linux security modules (SELinux, AppArmor) and sandboxing techniques (seccomp, gVisor, Kata) to protect workloads and system services.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Symbol;font-size:11px;%22%3E%3Cspan style=%22font:7.0pt %26quot;Times New Roman%26quot;;mso-bidi-font-family:Symbol;mso-fareast-font-family:Symbol;mso-list:Ignore;%22%3E%26nbsp;%3C/span%3E%3C/span%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EIntegrate TPM for secure boot and attestation, ensuring hardware and OS integrity, and support cryptographic operations with HSM/KMS systems.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EDesign multi-tenant isolation strategies using namespaces, node pools, and hardware partitioning to prevent lateral movement and reduce blast radius.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EApply least-privilege policies using RBAC, PodSecurityStandards, NetworkPolicies, and resource constraints to secure workload execution and mitigate denial-of-service risks.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EHarden Kubernetes components (API server, etcd, kubelet) using CIS and NSA benchmarks, and implement kernel-level protections like seccomp-bpf and IMA/EVM.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3ESecure workload secrets using TPM-backed storage and tools like SealedSecrets, HashiCorp Vault, or SOPS for safe distribution and access control.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EStrengthen supply chain security through image signing (cosign, Notary), SBOM scanning, and CI/CD vulnerability management.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EMonitor runtime behavior with tools like Falco and Cilium Tetragon, and collaborate with SRE and Security teams to develop incident response runbooks and conduct breach simulation drills.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3C/ul%3E%3Ch4%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3E%3Cspan style=%22line-height:115%;%22%3EYour skills and experience%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/span%3E%3C/h4%3E%3Cul%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EBachelor’s degree in Computer Science, Engineering, or a related technical field, with 8–10 years of experience in infrastructure, security, or systems engineering.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EDeep expertise in Kubernetes (especially K3s) internals, including cluster hardening, multi-tenant isolation, and security architecture.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EAdvanced proficiency in Linux security features such as SELinux, AppArmor, seccomp, and kernel-level protections.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EHands-on experience with TPM for secure boot, attestation, and integration with HSM/KMS for cryptographic operations and secrets management.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EStrong understanding of Pod Security frameworks (PodSecurityStandards, OPA, Gatekeeper, Kyverno) and implementation of RBAC, NetworkPolicies, and workload isolation at scale.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EFamiliarity with container runtimes (containerd, CRI-O, gVisor, Kata) and their security implications in hybrid environments.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EExperience with runtime and supply chain security tools and frameworks, including Falco, Cilium Tetragon, cosign, Notary, SLSA, and NIST 800-190.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:%26quot;Arial%26quot;,sans-serif;font-size:11px;%22%3EKnowledge of confidential computing (TEE, SGX, SEV), air-gapped deployments, and hardened Linux distributions like Flatcar and Bottlerocket.%3Co:p%3E%3C/o:p%3E%3C/span%3E%3C/li%3E%3C/ul%3E%3Ch4%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3E%3Cstrong%3ELife at Capgemini%3C/strong%3E%3C/span%3E%3C/h4%3E%3Ch4%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3ECapgemini supports all aspects of your well-being throughout the changing stages of your life and career. For eligible employees, we offer:%3C/span%3E%3C/h4%3E%3Cul%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EFlexible work%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EHealthcare including dental, vision, mental health, and well-being programs%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EFinancial well-being programs such as 401(k) and Employee Share Ownership Plan%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EPaid time off and paid holidays%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EPaid parental leave%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EFamily building benefits like adoption assistance, surrogacy, and cryopreservation%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3ESocial well-being benefits like subsidized back-up child/elder care and tutoring%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EMentoring, coaching and learning programs%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EEmployee Resource Group%3C/span%3E%3C/li%3E%3Cli%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EDisaster Relief%3C/span%3E%3C/li%3E%3C/ul%3E%3Ch4%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3E%3Cstrong%3EAbout Capgemini Engineering%3C/strong%3E%3C/span%3E%3C/h4%3E%3Cp%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EWorld leader in engineering and R%26amp;D services, Capgemini Engineering combines its broad industry knowledge and cutting-edge technologies in digital and software to support the convergence of the physical and digital worlds. Coupled with the capabilities of the rest of the Group, it helps clients to accelerate their journey towards Intelligent Industry. Capgemini Engineering has 65,000 engineer and scientist team members in over 30 countries across sectors including Aeronautics, Space, Defense, Naval, Automotive, Rail, Infrastructure %26amp; Transportation, Energy, Utilities %26amp; Chemicals, Life Sciences, Communications, Semiconductor %26amp; Electronics, Industrial %26amp; Consumer, Software %26amp; Internet.%3C/span%3E%3C/p%3E%3Cp%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3ECapgemini Engineering is an integral part of the Capgemini Group, a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, generative AI, cloud and data, combined with its deep industry expertise and partner ecosystem. The Group reported 2024 global revenues of €22.1 billion.%3C/span%3E%3C/p%3E%3Ch4%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EGet the future you want | %3C/span%3E%3Ca target=%22_blank%22 rel=%22noopener noreferrer%22 href=%22https://www.capgemini.com%22%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3Ewww.capgemini.com%3C/span%3E%3C/a%3E%3C/h4%3E%3Ch4%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3E%3Cstrong%3EDisclaimer%3C/strong%3E%3C/span%3E%3C/h4%3E%3Cp%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3ECapgemini is an Equal Opportunity Employer encouraging inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law. This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.%3C/span%3E%3C/p%3E%3Cp%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3ECapgemini is committed to providing reasonable accommodations during our recruitment process. If you need assistance or accommodation, please reach out to your recruiting contact.Please be aware that Capgemini may capture your image (video or screenshot) during the interview process and that image may be used for verification, including during the hiring and onboarding process.Click the following link for more information on your rights as an Applicant %3C/span%3E%3Ca target=%22_blank%22 rel=%22noopener noreferrer%22 href=%22http://www.capgemini.com/resources/equal-employment-opportunity-is-the-law%22%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3Ehttp://www.capgemini.com/resources/equal-employment-opportunity-is-the-law%3C/span%3E%3C/a%3E%3Cspan style=%22font-family:Arial, Helvetica, sans-serif;font-size:11px;%22%3EApplicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.%3C/span%3E%3C/p%3E Candidarsi ora