Apply on Employer Site

Expedite Talent Solutions · 2 days ago

US_East | Platform Engineering - Linux/Unix Admin_L3

Bloomfield, NJ

Full-time

Onsite

Mid Level

Expedite Talent Solutions is looking for a K3s Security Engineer to enhance the security of K3s clusters. The role involves implementing security measures, hardening clusters, and ensuring isolation within Kubernetes environments.

Cloud ComputingProfessional ServicesLogisticsIT ManagementWarehousing

Responsibilities

Design and implement security-first cluster configurations for K3s nodes

Enforce mandatory access control (MAC) using SELinux and AppArmor profiles for pods and system services

Integrate TPM-based attestation and secure boot for cluster nodes to ensure trust in hardware and OS integrity

Establish node, pod, and namespace isolation strategies to reduce lateral movement risk

Harden cluster components (API server, etcd, kubelet) following CIS and NSA Kubernetes security benchmarks

Define and enforce workload sandboxing strategies (seccomp, AppArmor, SELinux contexts, gVisor/Kata if applicable)

Configure minimal privilege policies (RBAC, PodSecurityStandards, NetworkPolicies) to ensure least-privilege execution

Implement namespace, node pool, and hardware partitioning to confine workloads and protect sensitive applications

Apply resource quotas, limits, and scheduling constraints to contain denial-of-service blast radius

Work with Security team to ensure strong identity, authentication, and authorization models

Integrate TPM-backed secrets storage and HSM/KMS systems for cryptographic operations

Ensure secure distribution of workload secrets with solutions like SealedSecrets, HashiCorp Vault, or SOPS

Enforce image signing and verification with cosign or Notary

Integrate SBOM scanning and vulnerability management into CI/CD pipelines

Monitor workloads for runtime anomalies (Falco, Cilium Tetragon, or equivalent)

Apply kernel hardening measures (seccomp-bpf, kernel lockdown, IMA/EVM with TPM)

Build observability hooks for security events (audit logs, syscall monitoring, TPM attestations)

Define blast radius response runbooks for compromised pods or nodes

Work with SRE and Security teams to test chaos/security drills simulating breaches

Qualification

K3s/Kubernetes securitySELinuxAppArmorTPMRBACPod SecurityNetworkPoliciesLinux kernel securityIncident responseContainer runtimesSupply chain securityRuntime security tools

Required

Strong knowledge of K3s/Kubernetes internals, especially security features

Hands-on experience with SELinux, AppArmor, seccomp, and Linux capabilities

Experience with TPM (Trusted Platform Module) for secure boot and attestation

Deep understanding of Pod Security (PodSecurityPolicies/Standards, OPA/Gatekeeper/Kyverno)

Experience implementing RBAC, NetworkPolicies, and workload isolation at scale

Proficiency in Linux kernel security mechanisms and debugging

Familiarity with container runtimes (containerd, CRI-O, gVisor, Kata) and their security implications

Strong background in incident response, forensic data collection, and audit logging in Kubernetes

Preferred

Contributions to Kubernetes SIG-Security or open-source security tooling

Experience with supply chain security frameworks (SLSA, NIST 800-190)

Familiarity with confidential computing (TEE/SGX/SEV) for workload isolation

Hands-on with Cilium Tetragon, Falco, or other runtime security tools

Knowledge of air-gapped deployments and hardened Linux distributions (e.g., Flatcar, Bottlerocket)

Company

Expedite Talent Solutions

Expedite Talent Solutions is a minority- and woman-owned firm delivering agile staffing, project outsourcing, and professional services to clients across the Healthcare, Commercial, and Public Sectors.

Founded in 2009

Alpharetta, Georgia, USA

51-200 employees

https://www.expediteinc.com

Funding

Current Stage

Growth Stage

Leadership Team

Sandeep Singh

Associate Director / Sr. Client Partner

Company data provided by crunchbase