Platform Security Engineer
LTM
Job Description
Skill: Security, Kubernetes, Linux, Container, DevSecOps
Experience: 8-17 years
Work Location: Mumbai / Pune / Chennai / Hyderabad / Bangalore / Kolkata / Delhi / Noida / Coimbatore / Indore

Job Description:

Key Responsibilities

- Define and implement Linux & container security baselines: seccomp/AppArmor profiles, Linux capabilities, namespace/cgroup isolation hardening, and secure service/container configurations.
- Lead Kubernetes runtime security: RuntimeClass-based isolation using gVisor/Firecracker/Kata, admission/policy controls, RBAC hardening, network policies, and runtime threat mitigation patterns.
- Build cryptographic trust controls: PKI fundamentals, X.509, signing workflows, signature verification, and integration with KMS/HSM and secrets management systems.
- Implement artifact integrity & supply-chain controls: hashing/signature validation, provenance checks, and secure release processes to ensure artifact authenticity across environments.
- Design secure cloud storage access patterns: pre-signed URLs (S3/Azure Blob equivalents), IAM-scoped permissions, TTL/expiry controls, and least-privilege access.
- Provide Python security engineering support: secure imports/dynamic loading, subprocess isolation/sandboxing, service hardening, and dependency risk management (pinning/upgrades/vulnerability remediation).
- Enable CI/CD security automation: automate signing and release workflows, integrate security checks, enforce gating controls, and maintain repeatable secure build/release pipelines.
- Own security testing strategy: negative/abuse-case tests, security regression suites, and performance tests to validate isolation and detect exploitation paths early.
- Lead Linux security debugging in containerized environments: crash/memory triage, native dependency patching, root-cause analysis, and operational hardening recommendations.
- HashiCorp integration (new): implement and operationalize HashiCorp Vault for secrets and key/cert lifecycle (issuance/rotation), and use Terraform Sentinel (policy-as-code) to enforce secure infrastructure guardrails and compliant releases.

Skills & Experience (Mandatory)

- 10–15 years in platform security, DevSecOps, SRE/security engineering, or similar production roles.
- Linux & container security: seccomp/AppArmor, capabilities, namespaces/cgroups, container/service baselines.
- Kubernetes runtime security: RuntimeClass isolation (gVisor/Firecracker/Kata), admission/policy controls, RBAC, network policies.
- Cryptography & key management: PKI/X.509, signing/verification, KMS/HSM integration, secrets management.
- Supply-chain integrity: hashing/signature validation, provenance checks, secure release controls.
- Cloud storage security: pre-signed URLs, IAM scoping, TTL/expiry, least privilege.
- Python security engineering: secure dynamic loading, subprocess isolation/sandboxing, dependency remediation, secure configuration.
- CI/CD security automation: signing/release pipelines, security gates, repeatable secure workflows.
- Linux security debugging: containerized troubleshooting, crash/memory triage, native dependency patching.
- HashiCorp (mandatory): hands-on with HashiCorp Vault (secrets engines, PKI, auth methods, policies) and Terraform (modules, state, secure IaC patterns); Sentinel (or equivalent) for policy-as-code is a strong plus.

Preferred

- Policy-as-code/governance (OPA/Gatekeeper, Kyverno) and audit evidence automation.
- SBOM/provenance practices and secure supply chain frameworks; experience driving remediation SLAs and security reviews across teams.
- Certifications (CKS/CKA, cloud security, or equivalent).

If interested, please share your updated resume on [email protected].