What are the responsibilities and job description for the Cyber Security Engineer position at ExecutivePlacements.com?
Responsibilities
- Standards & Policy Development: Author, maintain, and socialize container security standards, baseline configurations, and operational runbooks. Define control requirements for Kubernetes clusters and Docker runtimes (networking, RBAC, secrets, compliance, logging).
- Control Design & Implementation: Engineer and deploy container-specific security controls across the estate (on-prem & cloud), including: Kubernetes RBAC, NetworkPolicies, PodSecurity standards (or replacements), and admission controls (OPA/Gatekeeper/Kyverno); image security (registry governance, signing/verification, SBOM, vulnerability management); runtime protection (CIS benchmarks, syscall/behavior policies, workload isolation, secrets management); and secure CI/CD integrations (image scanning gates, IaC security checks, policy-as-code).
- Operational Support: Own day-to-day health and performance of deployed controls; troubleshoot issues with clusters, workloads, and pipelines. Partner with platform engineering/SRE to triage, remediate, and tune policies without breaking delivery velocity.
- Documentation & Enablement: Produce clear, actionable documentation: standards, architecture diagrams, procedures, FAQs, and how-to guides. Provide guidance and training to engineering teams to adopt secure-by-default patterns.
- Broader Cybersecurity Support: Contribute to vulnerability management, incident response (for containerized workloads), audit support, and control assurance. Participate in threat modeling for new services and changes.
- OS Expertise: Proficient in both Windows and Linux administration and security fundamentals.
- Containers: 3 years hands-on experience with Docker and Kubernetes (design, deployment, security hardening).
- Security Engineering: Proven ability to design, implement, and operationalize technical controls in production environments.
- Networking & Access Control: Solid grasp of container networking (CNI), service-to-service policies, identity/RBAC, and secrets handling.
- DevSecOps Mindset: Experience integrating security into CI/CD (e.g., image scanning, policy gates, IaC checks).
- Documentation: Strong technical writing skills (standards, procedures, diagrams).
- Work Style: Able to work independently with minimal oversight; strong ownership and follow-through.
- Cloud: Experience with Microsoft Azure (AKS, ACR, Azure Defender/Defender for Cloud, Key Vault, Azure Policy).
- Security Tools & Frameworks: Familiarity with admission/policy tools (OPA/Gatekeeper, Kyverno), image scanning (Trivy, Aqua, Prisma, Clair), SBOM (CycloneDX), Kubernetes security benchmarks (CIS), Pod Security standards, and runtime protection.
- Infrastructure as Code & Automation: Terraform, Bicep/ARM, Helm; GitHub Actions/Azure DevOps pipelines.
- Logging/Monitoring: Experience with centralized logging and metrics for containers (e.g., Prometheus, Grafana, ELK/EFK).
- Compliance & Assurance: Experience mapping controls to frameworks (CIS, NIST CSF, ISO 27001, PCI, SOC 2) for containerized workloads.
- Certifications (nice to have): AZ-500, CKA/CKS, Security+, CISSP, CCSP.
- Technical Depth & Pragmatism: Balances strong security posture with developer productivity and uptime.
- Problem Solving: Able to diagnose complex production issues across networking, policy, identity, and runtime.
- Communication: Explains trade-offs, documents clearly, and influences stakeholders.
- Ownership & Autonomy: Drives initiatives end to end: requirements, build, deploy, monitor, and improve.