Security & DR Automation Engineer

Job Summary:

Must have skills:

Python/Go/Bash scripting, OPA Rego policy writing, CI integration for Trivy & kube-bench, GitOps

Kubernetes internals, RBAC, pod security, and multi-tenant best practices

Good to have skills(Secondary) : Linux systems administration, OS hardening, and secure bootstrapping

We are seeking a Senior Infrastructure Security Compliance Engineer with 10 years of experience in infrastructure and platform automation to lead the ZeroTouch Build, Upgrade, and Certification pipeline for our on-premises GPU cloud environment. This role focuses on integrating security scanning, policy enforcement, compliance validation, and backup automation into a fully GitOps-managed GPU cloud stack, spanning hardware, OS, and Kubernetes platform layers.

Key Responsibilities

Design and implement GitOps-native workflows to automate security compliance and backup validation throughout the GPU cloud lifecycle.

Integrate Trivy into CI/CD pipelines for container and system image vulnerability scanning.

Automate kubebench execution and remediation workflows to enforce Kubernetes security benchmarks (CIS/STIG).

Define and enforce policy-as-code using OPA Gatekeeper to validate cluster and workload configurations.

Deploy and manage Velero for Kubernetes-native backup and disaster recovery operations.

Ensure all compliance scanning and backup logic is declarative and auditable via Git-backed repositories.

Collaborate with infrastructure, platform, and security teams to define security baselines, enforce drift detection, and integrate automated guardrails.

Drive remediation automation and post-validation gates across build, upgrade, and certification pipelines.

Monitor evolving security threats and regularly update tooling to detect vulnerabilities, misconfigurations, and compliance drift.

Required Skills & Experience

10 years of hands-on experience in infrastructure/platform automation and systems security.

Strong proficiency in Python, Go, or Bash scripting, OPA Rego policy writing, and CI integration for Trivy, kubebench, and GitOps.

In-depth knowledge and practical experience with:

Trivy – container, filesystem, and configuration scanning.

kubebench – Kubernetes CIS benchmark compliance.

Velero – Kubernetes-native backup and disaster recovery.

OPA Gatekeeper – policy-as-code and admission control.

Deep understanding of GitOps workflows (e.g., Argo CD, Flux) and integrating security tools declaratively.

Proven experience automating security compliance and backup validation within CI/CD pipelines.

Strong foundation in Kubernetes internals, RBAC, pod security, and multi-tenant best practices.

Familiarity with vulnerability management lifecycles and security risk remediation strategies.

Experience with Linux systems administration, OS hardening, and secure bootstrapping.

Bonus Skills

Experience with SBOMs, image signing, or container supply chain security.

Exposure to regulated environments (e.g., PCI DSS, HIPAA, FedRAMP).

Contributions to open-source security or compliance projects.