Staff Kubernetes Security Engineer

Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it. OUR MISSION True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground. OUR VALUES Be the offset. We create asymmetric advantages with creativity and ingenuity. What would it take? We challenge assumptions to deliver ambitious results. It’s the people. Our team is our competitive advantage and we are better together. YOUR MISSION Kubernetes security at the scale and complexity of space operations is genuinely hard — and a lot of it is still unsolved. This role exists to change that. As our Staff Kubernetes Security Engineer, you'll build zero-trust foundations and secure paved paths that enable our platform and development teams to ship safely on Kubernetes. You'll own the security posture of our container orchestration platform across multi-cloud environments, architecting security platforms that define how we operate containers in production. Working as part of the Platform Security team, you'll have broad impact across all teams deploying containerized workloads. This is a hands-on technical leadership role where you'll write production code daily while driving strategic security initiatives. You'll thrive on ambiguously hard problems, give yourself the toughest challenges, and have the technical maturity to drive complex security initiatives from conception to production with minimal direction. You'll be working in an AI-native environment where leveraging AI to accelerate your impact is expected. This position requires the ability to obtain and maintain a security clearance. RESPONSIBILITIES Architect and build security platforms, frameworks, and foundational services used by platform and development teams—making secure patterns the default choice for Kubernetes deployments Drive adoption of security best practices and influence technical direction for Kubernetes security, workload isolation, and container deployment Own the security architecture and posture of our Kubernetes infrastructure across Azure and AWS environments Design and implement secure-by-default infrastructure including pod security policies, network policies, RBAC, admission controllers, and runtime security Build and ship production-grade automation, tooling, CLI utilities, and operators to enforce security best practices and detect threats across our Kubernetes clusters Develop secure Custom Resource Definitions (CRDs), controllers, and Kubernetes operators for security automation and policy enforcement Lead security architecture decisions for workload isolation, secrets management, service mesh security, and supply chain security Design, implement, and operate PKI infrastructure for Kubernetes—including private CA hierarchies, automated certificate lifecycle management (cert-manager), service mesh mTLS certificate rotation, and certificate issuance for workloads and control plane components Partner with Cloud Security Engineer to design and operate unified PKI infrastructure across cloud and container environments—ensuring consistent certificate policies, trust anchors, and operational practices. Collaborate on node IAM , pod service accounts, CNI security, and cloud provider integrations Secure the Kubernetes control plane including API server, etcd, and CNI plugin configurations Design and implement admission webhooks (validating and mutating) for security policy enforcement Identify and drive resolution of complex security challenges in multi-tenant and multi-cluster environments Partner with Platform and development teams to embed security into GitOps workflows and the development lifecycle Stay ahead of emerging container security threats and proactively harden our defenses Develop security testing frameworks and validation tools to continuously verify security controls Leverage AI tools to accelerate development, close knowledge gaps, and push the boundaries of what's possible QUALIFICATIONS Active security clearance or ability to obtain and maintain security clearance. Deep expertise securing production Kubernetes environments at scale, with comprehensive understanding of the container attack surface Extensive experience building Kubernetes operators, CRDs, and controllers—you understand the Kubernetes API and extension mechanisms deeply Deep PKI knowledge with hands-on experience designing and operating certificate infrastructure—including private CA hierarchies, cert-manager deployment and operation, automated certificate rotation for service meshes (Istio/Linkerd), certificate lifecycle management, and X.509/TLS troubleshooting You've built and maintained PKI infrastructure in production, not just consumed managed certificate services Strong software development skills in Go (preferred) and Python with proven track record of building production platforms that engineering teams actually use Strong software engineering fundamentals: comfortable with data structures, algorithms, API design, debugging production systems, and working across multiple languages Track record of building security platforms or foundational services used across multiple engineering teams Hands-on experience with container security tools and frameworks (Falco, OPA, Kyverno, Gatekeeper, service mesh security) Deep understanding of Kubernetes internals: API server security, etcd encryption, CNI plugins, admission webhooks, RBAC, and control plane hardening Experience with GitOps patterns and securing CI/CD pipelines for Kubernetes deployments Experience with cloud security primitives across Azure and/or AWS Practical knowledge of supply chain security, image scanning, admission control, and runtime threat detection Proven ability to independently drive ambiguous, complex security initiatives to completion at staff+ level Track record of giving yourself hard problems and navigating ambiguity with confidence Comfortable diving into unfamiliar codebases and leveraging AI to bridge technical gaps Strong communication skills and ability to influence technical direction across teams WORK ENVIRONMENT Fast-paced, mission-critical environment supporting national security space operations Requires coordination across distributed teams including spacecraft engineers, ground operations, software developers, and government partners May require participation in on-call rotation for security incident response and mission-critical system support Occasional travel to government sites, launch facilities, or partner locations may be required COMPENSATION Colorado Base Salary: $160,000–$220,000 California Base Salary: $165,000–$230,000 for Long Beach, $185,000–$250,000 for SF Bay Area Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. ADDITIONAL REQUIREMENTS Work Location — this role will be onsite at our Denver, SF Bay Area, or Long Beach offices. #LI-Onsite This position will be open until it is successfully filled. To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.

{
  "content_hash": "d9171d2e2f7eae299780c86d795e61b4df05b2855c5ace87ad246b6399814e3e",
  "source_hash": "5a2bd70c25a4b586c9512986a3cc285c6ff135255be74deb7b1694dce04d2a34",
  "last_changed_at": "2026-05-29T22:56:10.822Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Denver, CO",
    "city": "Denver",
    "region": "CO",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": 220000,
  "salary_min": 160000,
  "inferred_at": "2026-06-06T19:02:29.743Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Denver, CO",
      "city": "Denver",
      "region": "CO",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": "year",
  "workplace_type": "on_site",
  "salary_currency": "USD"
}

{}

{
  "title": "Staff Kubernetes Security Engineer",
  "offices": [
    {
      "id": 4004295007,
      "name": "Denver, CO",
      "location": "Denver, Colorado, United States",
      "child_ids": [],
      "parent_id": null
    },
    {
      "id": 4034792007,
      "name": "Long Beach, CA",
      "location": "Los Angeles, California, United States",
      "child_ids": [],
      "parent_id": null
    }
  ],
  "language": "en",
  "location": {
    "name": "Denver, CO or Long Beach, CA or SF Bay Area, CA"
  },
  "metadata": [],
  "updated_at": "2026-05-28T16:55:17-04:00",
  "departments": [
    {
      "id": 4064551007,
      "name": "Cybersecurity",
      "child_ids": [],
      "parent_id": 4064545007
    }
  ],
  "company_name": "True Anomaly",
  "requisition_id": 4618396007,
  "first_published": "2026-04-14T19:28:27-04:00",
  "application_deadline": null
}