Staff Kubernetes Security Engineer

YOUR MISSION

Kubernetes security at the scale and complexity of space operations is genuinely hard — and a lot of it is still unsolved. This role exists to change that. As our Staff Kubernetes Security Engineer, you'll build zero-trust foundations and secure paved paths that enable our platform and development teams to ship safely on Kubernetes. You'll own the security posture of our container orchestration platform across multi-cloud environments, architecting security platforms that define how we operate containers in production. Working as part of the Platform Security team, you'll have broad impact across all teams deploying containerized workloads.

This is a hands-on technical leadership role where you'll write production code daily while driving strategic security initiatives. You'll thrive on ambiguously hard problems, give yourself the toughest challenges, and have the technical maturity to drive complex security initiatives from conception to production with minimal direction. You'll be working in an AI-native environment where leveraging AI to accelerate your impact is expected.

This position requires the ability to obtain and maintain a security clearance.

RESPONSIBILITIES

• Architect and build security platforms, frameworks, and foundational services used by platform and development teams—making secure patterns the default choice for Kubernetes deployments
• Drive adoption of security best practices and influence technical direction for Kubernetes security, workload isolation, and container deployment
• Own the security architecture and posture of our Kubernetes infrastructure across Azure and AWS environments
• Design and implement secure-by-default infrastructure including pod security policies, network policies, RBAC, admission controllers, and runtime security
• Build and ship production-grade automation, tooling, CLI utilities, and operators to enforce security best practices and detect threats across our Kubernetes clusters
• Develop secure Custom Resource Definitions (CRDs), controllers, and Kubernetes operators for security automation and policy enforcement
• Lead security architecture decisions for workload isolation, secrets management, service mesh security, and supply chain security
• Design, implement, and operate PKI infrastructure for Kubernetes—including private CA hierarchies, automated certificate lifecycle management (cert-manager), service mesh mTLS certificate rotation, and certificate issuance for workloads and control plane components
• Partner with Cloud Security Engineer to design and operate unified PKI infrastructure across cloud and container environments—ensuring consistent certificate policies, trust anchors, and operational practices. Collaborate on node IAM, pod service accounts, CNI security, and cloud provider integrations
• Secure the Kubernetes control plane including API server, etcd, and CNI plugin configurations
• Design and implement admission webhooks (validating and mutating) for security policy enforcement
• Identify and drive resolution of complex security challenges in multi-tenant and multi-cluster environments
• Partner with Platform and development teams to embed security into GitOps workflows and the development lifecycle
• Stay ahead of emerging container security threats and proactively harden our defenses
• Develop security testing frameworks and validation tools to continuously verify security controls
• Leverage AI tools to accelerate development, close knowledge gaps, and push the boundaries of what's possible

QUALIFICATIONS

• Active security clearance or ability to obtain and maintain security clearance.
• Deep expertise securing production Kubernetes environments at scale, with comprehensive understanding of the container attack surface
• Extensive experience building Kubernetes operators, CRDs, and controllers—you understand the Kubernetes API and extension mechanisms deeply
• Deep PKI knowledge with hands-on experience designing and operating certificate infrastructure—including private CA hierarchies, cert-manager deployment and operation, automated certificate rotation for service meshes (Istio/Linkerd), certificate lifecycle management, and X.509/TLS troubleshooting
• You've built and maintained PKI infrastructure in production, not just consumed managed certificate services
• Strong software development skills in Go (preferred) and Python with proven track record of building production platforms that engineering teams actually use
• Strong software engineering fundamentals: comfortable with data structures, algorithms, API design, debugging production systems, and working across multiple languages
• Track record of building security platforms or foundational services used across multiple engineering teams
• Hands-on experience with container security tools and frameworks (Falco, OPA, Kyverno, Gatekeeper, service mesh security)
• Deep understanding of Kubernetes internals: API server security, etcd encryption, CNI plugins, admission webhooks, RBAC, and control plane hardening
• Experience with GitOps patterns and securing CI/CD pipelines for Kubernetes deployments
• Experience with cloud security primitives across Azure and/or AWS
• Practical knowledge of supply chain security, image scanning, admission control, and runtime threat detection
• Proven ability to independently drive ambiguous, complex security initiatives to completion at staff+ level
• Track record of giving yourself hard problems and navigating ambiguity with confidence
• Comfortable diving into unfamiliar codebases and leveraging AI to bridge technical gaps
• Strong communication skills and ability to influence technical direction across teams

WORK ENVIRONMENT 

• Fast-paced, mission-critical environment supporting national security space operations 

• Requires coordination across distributed teams including spacecraft engineers, ground operations, software developers, and government partners 

• May require participation in on-call rotation for security incident response and mission-critical system support 
   
• Occasional travel to government sites, launch facilities, or partner locations may be required 

COMPENSATION 

• Colorado Base Salary: $160,000–$220,000 

• California Base Salary: $165,000–$230,000 

• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave 

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. 

ADDITIONAL REQUIREMENTS 

• Work Location—this role will be onsite at our Denver or Long Beach office.  #LI-Onsite 
   

This position will be open until it is successfully filled.

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. 

True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.