US_East | Platform Engineering - Linux/Unix Admin_L3 jobs in United States
This job has closed.

Datum Technologies Group · 2 days ago

US_East | Platform Engineering - Linux/Unix Admin_L3

Datum Technologies Group is seeking a K3s Security Engineer focused on hardening and isolating K3s clusters to enhance security. The role involves implementing security configurations, managing identity and secrets, and ensuring runtime security for Kubernetes environments.
Human Resources · Information Technology · Recruiting · Staffing Agency
Senior Management
H1B Sponsor Likely

Responsibilities

Design and implement security-first configurations for K3s cluster nodes
Enforce mandatory access control (MAC) using SELinux and AppArmor profiles for pods and system services
Integrate TPM-based secure boot and attestation to validate hardware and OS integrity
Establish node, pod, and namespace isolation strategies to reduce lateral movement risk
Harden cluster components (API server, etcd, kubelet) in accordance with CIS and NSA Kubernetes security benchmarks
Define and enforce workload sandboxing strategies (seccomp, AppArmor, SELinux contexts, gVisor/Kata, where applicable)
Configure least-privilege policies using RBAC, Pod Security Standards, and NetworkPolicies
Implement namespace, node pool, and hardware partitioning to isolate sensitive workloads
Apply resource quotas, limits, and scheduling constraints to mitigate denial-of-service risks
Collaborate with the Security team to implement strong authentication and authorization models
Integrate TPM-backed secrets storage and HSM/KMS solutions for cryptographic operations
Ensure secure secrets distribution using tools such as Sealed Secrets, HashiCorp Vault, or SOPS
Enforce container image signing and verification using tools such as Cosign or Notary
Integrate SBOM scanning and vulnerability management into CI/CD pipelines
Monitor runtime activity for anomalies using Falco, Cilium Tetragon, or equivalent tools
Apply kernel hardening techniques, including seccomp-bpf, kernel lockdown, and IMA/EVM with TPM
Build observability for security events, including audit logs, syscall monitoring, and TPM attestations
Develop and maintain blast-radius response runbooks for compromised pods or nodes
Partner with SRE and Security teams to conduct security drills and breach simulations

Qualification

K3s/Kubernetes security, SELinux, TPM, RBAC, Linux kernel security, Container runtimes, Incident response, Audit logging, Forensic analysis, Supply chain security

Required

Strong knowledge of K3s/Kubernetes internals, with emphasis on security features
Hands-on experience with SELinux, AppArmor, seccomp, and Linux capabilities
Experience working with TPM (Trusted Platform Module) for secure boot and attestation
Deep understanding of Kubernetes Pod Security (Pod Security Policies/Standards, OPA/Gatekeeper, Kyverno)
Proven experience implementing RBAC, NetworkPolicies, and workload isolation at scale
Proficiency in Linux kernel security mechanisms and troubleshooting
Familiarity with container runtimes such as containerd, CRI-O, gVisor, and Kata Containers
Strong background in Kubernetes incident response, forensic analysis, and audit logging

Preferred

Contributions to Kubernetes SIG-Security or open-source security projects
Experience with supply chain security frameworks (SLSA, NIST 800-190)
Familiarity with confidential computing technologies (TEE, SGX, SEV)
Hands-on experience with runtime security tools such as Cilium Tetragon or Falco
Knowledge of air-gapped deployments and hardened Linux distributions (e.g., Flatcar, Bottlerocket)

Company

Datum Technologies Group

Datum Technologies Group provides technology solutions, managed services, government contracting, and IT staffing services.

H1B Sponsorship

Datum Technologies Group has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (1)
2024 (4)
2023 (13)
2022 (10)
2021 (22)
2020 (20)

Funding

Current Stage
Growth Stage

Leadership Team

Latha Ganeshan
CEO & President
Alton Bunn Jr
AOC OSC Network Administrator
Company data provided by crunchbase