Kubernetes K3s Security & Isolation Engineer
@ Capgemini

Portland, Oregon, United States
$150,000
On Site
Full Time
Posted 23 days ago

Your Application Journey

Personalized Resume
Apply
Email Hiring Manager
Interview

Email Hiring Manager

XXXXXXXXX XXXXXXXXXXX XXXXXXXX****** @capgemini.com
Recommended after applying

Job Details

About the Kubernetes K3s Security & Isolation Engineer Role

Are you passionate about securing the future of cloud-native infrastructure in mission-critical environments? Join our team in Portland, OR, supporting the aerospace industry where security, reliability, and precision are paramount.

Your Role

In this onsite role, you will:

  • Architect and deploy security-first Kubernetes K3s cluster configurations across diverse hardware platforms including x86, ARM, and accelerators.
  • Enforce Linux security modules (SELinux, AppArmor) and sandboxing techniques such as seccomp, gVisor, and Kata.
  • Integrate TPM for secure boot and attestation with support from HSM/KMS systems.
  • Design multi-tenant isolation strategies and apply least privilege policies using RBAC, PodSecurityStandards, and NetworkPolicies.
  • Harden Kubernetes components using CIS and NSA benchmarks and implement kernel-level protections.
  • Secure workload secrets using TPM-backed storage and tools like SealedSecrets and HashiCorp Vault.
  • Enhance supply chain security with image signing, SBOM scanning and CI/CD vulnerability management.
  • Monitor runtime behavior with tools such as Falco and Cilium Tetragon and collaborate on incident response.

Your Skills and Experience

  • Bachelor’s degree in a technical field with 8–10 years experience in infrastructure, security, or systems engineering.
  • Deep expertise in Kubernetes (especially K3s) internals and security architecture.
  • Advanced proficiency in Linux security features and container runtime security.
  • Hands-on experience with TPM for secure operations and integration with cryptographic tools.
  • Strong understanding of Pod Security frameworks, RBAC, and network policies.
  • Familiarity with runtime and supply chain security tools and frameworks.
  • Knowledge of confidential computing, air-gapped deployments and hardened Linux distributions.

Life at Capgemini

Capgemini offers flexible work, comprehensive healthcare, financial well-being programs, paid time off and holidays, paid parental leave, family building benefits, social well-being benefits, mentoring programs, employee resource groups, and disaster relief. Capgemini Engineering is a global leader in innovation and technology transformation with a strong heritage and robust financial performance.

Key skills/competency

  • Kubernetes
  • K3s
  • Security
  • Isolation
  • Linux
  • TPM
  • RBAC
  • Container
  • CI/CD
  • Hardening
Apply without a personalized resume

How to Get Hired at Capgemini

🎯 Tips for Getting Hired

  • Research Capgemini's culture: Study mission, values, and employee testimonials.
  • Tailor your resume: Emphasize Kubernetes security expertise and achievements.
  • Highlight relevant skills: Focus on Linux security and TPM integration.
  • Prepare technical demos: Showcase cluster hardening and isolation projects.
  • Practice interview questions: Be ready for technical and behavioral discussions.

📝 Interview Preparation Advice

Technical Preparation

Review Kubernetes and K3s internals.
Practice Linux security module configurations.
Set up TPM and HSM/KMS integrations.
Simulate cluster hardening scenarios.

Behavioral Questions

Describe teamwork in challenging projects.
Explain prioritization under pressure.
Discuss conflict resolution methods.
Show adaptability to technology changes.

Frequently Asked Questions