Full-Time Product Security Engineer (Kubernetes)

We are seeking a talented and experienced Product Security Engineer specializing in Kubernetes to join our team in Poznań, Poland.

Responsibilities:

• Perform penetration testing on Kubernetes workloads and containerized environments to identify and address vulnerabilities.
• Strengthen the security of Kubernetes clusters by evaluating configurations, implementing best practices, and addressing runtime security concerns.
• Prioritize and remediate vulnerabilities across Kubernetes clusters and related components, collaborating closely with engineering teams.
• Drive efforts to meet and maintain industry security certifications (e.g., SOC 2, ISO 27001) and ensure alignment with Kubernetes security benchmarks.
• Work cross-functionally with product and engineering teams to embed security throughout the development lifecycle.
• Create and maintain a long-term security strategy that addresses emerging threats and aligns with company-wide security initiatives.
• Monitor developments in Kubernetes security and implement relevant improvements.
• Support sales and customer teams by explaining security features and addressing customer concerns about security or compliance.
• Contribute to the development of secure coding practices and provide feedback on vulnerability fixes.

Qualifications:

• Minimum of 5 years of experience in application security, penetration testing, or a related role, with a focus on Kubernetes or containerized environments.
• Deep understanding of Kubernetes architecture, including components like kubelet, kube-apiserver, etcd, and networking within Kubernetes clusters.
• Proven ability to conduct penetration tests in Kubernetes and containerized environments, identifying and remediating vulnerabilities.
• Strong programming or scripting skills (e.g., Python, Go) for automating security testing and remediation in Kubernetes environments.
• Experience with cloud platforms (AWS, Azure, GCP) and their Kubernetes offerings (e.g., EKS, AKS, GKE).
• Knowledge of compliance standards and security frameworks relevant to Kubernetes environments.
• Familiarity with DevSecOps practices and CI/CD pipeline security integration.
• Excellent communication skills for engaging with internal stakeholders and external customers.
• Analytical mindset with a detail-oriented approach to problem-solving.
• Collaborative spirit and ability to work effectively in cross-functional teams.

Preferred Certifications:

• Offensive Security Certified Professional (OSCP)
• GIAC Kubernetes and Cloud-Native Security (GKS)
• Certified Kubernetes Security Specialist (CKS)
• Offensive Security Web Expert (OSWE)
• GIAC Web Application Penetration Tester (GWAPT)

Additional Qualifications:

• Experience contributing to or maintaining open-source Kubernetes-related projects.
• Proven track record of implementing innovative security solutions in complex environments.

What is the last date for applying to the job?

Which countries are accepted for this remote job?