Website:
ltm.com
Job details:
Skill: Security, Kubernetes, Linux, Container, Devsecops
Experience: 8-17 years
Work Location: Mumbai / Pune / Chennai / Hyderabad / Bangalore / Kolkata / Delhi / Noida / Coimbatore / Indore
Job Description:
Key Responsibilities
- Define and implement Linux & container security baselines: seccomp/AppArmor profiles, Linux capabilities, namespace/cgroup isolation hardening, and secure service/container configurations.
- Lead Kubernetes runtime security: RuntimeClass-based isolation using gVisor/Firecracker/Kata, admission/policy controls, RBAC hardening, network policies, and runtime threat mitigation patterns.
- Build cryptographic trust controls: PKI fundamentals, X.509, signing workflows, signature verification, and integration with KMS/HSM and secrets management systems.
- Implement artifact integrity & supply-chain controls: hashing/signature validation, provenance checks, and secure release processes to ensure artifact authenticity across environments.
- Design secure cloud storage access patterns: pre‑signed URLs (S3/Azure Blob equivalents), IAM-scoped permissions, TTL/expiry controls, and least‑privilege access.
- Provide Python security engineering support: secure imports/dynamic loading, subprocess isolation/sandboxing, service hardening, and dependency risk management (pinning/upgrades/vulnerability remediation).
- Enable CI/CD security automation: automate signing and release workflows, integrate security checks, enforce gating controls, and maintain repeatable secure build/release pipelines.
- Own security testing strategy: negative/abuse-case tests, security regression suites, and performance tests to validate isolation and detect exploitation paths early.
- Lead Linux security debugging in containerized environments: crash/memory triage, native dependency patching, root-cause analysis, and operational hardening recommendations.
- HashiCorp integration (new): implement and operationalize HashiCorp Vault for secrets and key/cert lifecycle (issuance/rotation), and use Terraform + Sentinel (policy-as-code) to enforce secure infrastructure guardrails and compliant releases.
Skills & Experience (Mandatory)
- 10–15+ years in platform security, DevSecOps, SRE/security engineering, or similar production roles.
- Linux & container security: seccomp/AppArmor, capabilities, namespaces/cgroups, container/service baselines.
- Kubernetes runtime security: RuntimeClass isolation (gVisor/Firecracker/Kata), admission/policy controls, RBAC, network policies.
- Cryptography & key management: PKI/X.509, signing/verification, KMS/HSM integration, secrets management.
- Supply-chain integrity: hashing/signature validation, provenance checks, secure release controls.
- Cloud storage security: pre‑signed URLs, IAM scoping, TTL/expiry, least privilege.
- Python security engineering: secure dynamic loading, subprocess isolation/sandboxing, dependency remediation, secure configuration.
- CI/CD security automation: signing/release pipelines, security gates, repeatable secure workflows.
- Linux security debugging: containerized troubleshooting, crash/memory triage, native dependency patching.
- HashiCorp (mandatory): hands‑on with HashiCorp Vault (secrets engines, PKI, auth methods, policies) and Terraform (modules, state, secure IaC patterns); Sentinel (or equivalent) for policy-as-code is a strong plus.
Preferred
- Policy-as-code/governance (OPA/Gatekeeper, Kyverno) and audit evidence automation.
- SBOM/provenance practices and secure supply chain frameworks; experience driving remediation SLAs and security reviews across teams.
- Certifications (CKS/CKA, cloud security, or equivalent).
If interested, please send your updated resume to Nidhi.kumari3@ltm.com.