LTM

Platform Security Engineer

  • Posted 23 hours ago

Job Description

Skill: Security, Kubernetes, Linux, Container, DevSecOps

Experience: 8-17 years

Work Location: Mumbai / Pune / Chennai / Hyderabad / Bangalore / Kolkata / Delhi / Noida / Coimbatore / Indore

Key Responsibilities

  • Define and implement Linux & container security baselines: seccomp/AppArmor profiles, Linux capabilities, namespace/cgroup isolation hardening, and secure service/container configurations.
  • Lead Kubernetes runtime security: RuntimeClass-based isolation using gVisor/Firecracker/Kata, admission/policy controls, RBAC hardening, network policies, and runtime threat mitigation patterns.
  • Build cryptographic trust controls: PKI fundamentals, X.509, signing workflows, signature verification, and integration with KMS/HSM and secrets management systems.
  • Implement artifact integrity & supply-chain controls: hashing/signature validation, provenance checks, and secure release processes to ensure artifact authenticity across environments.
  • Design secure cloud storage access patterns: pre‑signed URLs (S3/Azure Blob equivalents), IAM-scoped permissions, TTL/expiry controls, and least‑privilege access.
  • Provide Python security engineering support: secure imports/dynamic loading, subprocess isolation/sandboxing, service hardening, and dependency risk management (pinning/upgrades/vulnerability remediation).
  • Enable CI/CD security automation: automate signing and release workflows, integrate security checks, enforce gating controls, and maintain repeatable secure build/release pipelines.
  • Own security testing strategy: negative/abuse-case tests, security regression suites, and performance tests to validate isolation and detect exploitation paths early.
  • Lead Linux security debugging in containerized environments: crash/memory triage, native dependency patching, root-cause analysis, and operational hardening recommendations.
  • HashiCorp integration (new): implement and operationalize HashiCorp Vault for secrets and key/cert lifecycle (issuance/rotation), and use Terraform + Sentinel (policy-as-code) to enforce secure infrastructure guardrails and compliant releases.

Skills & Experience (Mandatory)

  • 10–15+ years in platform security, DevSecOps, SRE/security engineering, or similar production roles.
  • Linux & container security: seccomp/AppArmor, capabilities, namespaces/cgroups, container/service baselines.
  • Kubernetes runtime security: RuntimeClass isolation (gVisor/Firecracker/Kata), admission/policy controls, RBAC, network policies.
  • Cryptography & key management: PKI/X.509, signing/verification, KMS/HSM integration, secrets management.
  • Supply-chain integrity: hashing/signature validation, provenance checks, secure release controls.
  • Cloud storage security: pre‑signed URLs, IAM scoping, TTL/expiry, least privilege.
  • Python security engineering: secure dynamic loading, subprocess isolation/sandboxing, dependency remediation, secure configuration.
  • CI/CD security automation: signing/release pipelines, security gates, repeatable secure workflows.
  • Linux security debugging: containerized troubleshooting, crash/memory triage, native dependency patching.
  • HashiCorp (mandatory): hands‑on with HashiCorp Vault (secrets engines, PKI, auth methods, policies) and Terraform (modules, state, secure IaC patterns); Sentinel (or equivalent) for policy-as-code is a strong plus.

Preferred

  • Policy-as-code/governance (OPA/Gatekeeper, Kyverno) and audit evidence automation.
  • SBOM/provenance practices and secure supply chain frameworks; experience driving remediation SLAs and security reviews across teams.
  • Certifications (CKS/CKA, cloud security, or equivalent).

If interested, please share your updated resume on [Confidential Information].

Job ID: 148881083