Cloud Sec PaC Eng
You will work closely with Information Security teams, Enterprise Architecture, Cloud Engineering, and external cloud providers on requirements, design, integration, and delivery of Kubernetes and cloud platform security solutions. This position demands a well-organized, action-oriented team player with the ability to prioritize work across multiple initiatives, maintain a strong command of Kubernetes and cloud technologies, and drive end-to-end processes focused on a secure, frictionless user experience.
Responsibilities Include:
· Lead the architecture and design of secure Kubernetes platforms (EKS, GKE, and hybrid environments - OpenShift) across public and private cloud, ensuring scalability, resilience, and compliance.
· Define and implement secure-by-default Kubernetes patterns, including RBAC, network segmentation, workload identity, secrets management, and policy-as-code (OPA/Gatekeeper).
· Develop and standardize Kubernetes security reference architectures, blueprints, and reusable modules aligned with enterprise architecture and governance standards.
· Lead proof-of-concept initiatives to assess emerging Kubernetes and container security solutions, translating findings into scalable enterprise capabilities.
· Drive risk assessment and remediation strategies by evaluating Kubernetes and cloud security posture against CIS Benchmarks, Cloud Controls Matrix, and enterprise policies.
· Contribute to and enhance platform automation, leveraging Infrastructure-as-Code and policy-as-code to enforce consistent security controls at scale.
· Act as a technical SME and advisor, supporting application teams in designing and deploying secure containerized workloads.
· Partner with Engineering, Cloud Platform, and InfoSec teams to embed security into Kubernetes platforms and developer workflows, enabling secure and frictionless adoption.
Required Skills/Experience:
· 6+ years of experience in cloud engineering and security, with hands-on expertise across OpenShift, AWS, GCP, and Kubernetes-based platforms.
· Strong experience securing Kubernetes/EKS/GKE environments, including:
  · RBAC and workload identity
  · Network policies and segmentation
  · Pod security standards
  · Policy-as-code development (OPA/Gatekeeper, HashiCorp Sentinel/cloud-native policy)
· Experience with container and runtime security, including vulnerability management, image scanning, and workload protection.
· Deep understanding of cloud-native architecture, including containers, microservices, serverless, and multi-cloud design patterns.
· Familiarity with security frameworks and standards such as CIS Benchmarks, Cloud Controls Matrix (CCM), and Kubernetes security best practices.
· Experience integrating security into CI/CD pipelines and DevSecOps workflows.
· Strong knowledge of networking and cloud security fundamentals, including VPC design, segmentation, and secure communication patterns.
· Experience working in Agile environments, collaborating across engineering, platform, and security teams.
· Strong problem-solving skills with the ability to design and deliver scalable, secure solutions in complex environments.
· Experience with service mesh, zero trust architecture, and GitOps.
Educational Requirement:
· Bachelor’s Degree in computer science, computer engineering, or related field; or equivalent experience.
· Kubernetes certifications (e.g., CKA, CKAD, CKS) or equivalent hands-on experience.
· Relevant certifications (e.g., CCSP, CISSP, AWS Security Specialty, GCP Security Specialty).