K3s Security Engineer jobs in United States

Patton Labs Inc · 8 hours ago

K3s Security Engineer

Patton Labs Inc is focused on enhancing security measures within K3s clusters. The Security Engineer will be responsible for hardening and isolating K3s clusters, implementing security policies, and ensuring secure operations in hybrid Kubernetes environments.

Cloud Data Services, Data Management, Information Services, Information Technology, Staffing Agency

H1B Sponsor Likely

Responsibilities

Design and implement security-first cluster configurations for K3s nodes
Enforce mandatory access control (MAC) using SELinux and AppArmor profiles for pods and system services
Integrate TPM-based attestation and secure boot for cluster nodes to ensure trust in hardware and OS integrity
Establish node, pod, and namespace isolation strategies to reduce lateral movement risk
Harden cluster components (API server, etcd, kubelet) following CIS and NSA Kubernetes security benchmarks
Define and enforce workload sandboxing strategies (seccomp, AppArmor, SELinux contexts, gVisor/Kata if applicable)
Configure minimal privilege policies (RBAC, PodSecurityStandards, NetworkPolicies) to ensure least-privilege execution
Implement namespace, node pool, and hardware partitioning to confine workloads and protect sensitive applications
Apply resource quotas, limits, and scheduling constraints to contain denial-of-service blast radius
Work with Security team to ensure strong identity, authentication, and authorization models
Integrate TPM-backed secrets storage and HSM/KMS systems for cryptographic operations
Ensure secure distribution of workload secrets with solutions like SealedSecrets, HashiCorp Vault, or SOPS
Enforce image signing and verification with cosign or Notary
Integrate SBOM scanning and vulnerability management into CI/CD pipelines
Monitor workloads for runtime anomalies (Falco, Cilium Tetragon, or equivalent)
Apply kernel hardening measures (seccomp-bpf, kernel lockdown, IMA/EVM with TPM)
Build observability hooks for security events (audit logs, syscall monitoring, TPM attestations)
Define blast radius response runbooks for compromised pods or nodes
Work with SRE and Security teams to test chaos/security drills simulating breaches

Qualification

K3s/Kubernetes security, SELinux, AppArmor, RBAC, Linux kernel security, TPM, Pod Security, NetworkPolicies, Container runtimes, Incident response, Forensic data collection, Audit logging

Required

Strong knowledge of K3s/Kubernetes internals, especially security features
Hands-on experience with SELinux, AppArmor, seccomp, and Linux capabilities
Experience with TPM (Trusted Platform Module) for secure boot and attestation
Deep understanding of Pod Security (PodSecurityPolicies/Standards, OPA/Gatekeeper/Kyverno)
Experience implementing RBAC, NetworkPolicies, and workload isolation at scale
Proficiency in Linux kernel security mechanisms and debugging
Familiarity with container runtimes (containerd, CRI-O, gVisor, Kata) and their security implications
Strong background in incident response, forensic data collection, and audit logging in Kubernetes

Preferred

Contributions to Kubernetes SIG-Security or open-source security tooling
Experience with supply chain security frameworks (SLSA, NIST 800-190)
Familiarity with confidential computing (TEE/SGX/SEV) for workload isolation
Hands-on with Cilium Tetragon, Falco, or other runtime security tools
Knowledge of air-gapped deployments and hardened Linux distributions (e.g., Flatcar, Bottlerocket)

Company

Patton Labs Inc

Patton Labs Technology Center of Excellence (PLTCOE) is founded on the vision of adapting to the changing IT services and technology industry at a pace that is consistent with the industry progress and service sector demands.

H1B Sponsorship

Patton Labs Inc has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (23)
2024 (30)
2023 (35)
2022 (42)
2021 (23)
2020 (23)

Funding

Current Stage
Growth Stage
Company data provided by crunchbase