*Note* TrustedSec will be conducting interviews and filling this position in Q1 2025.
TrustedSec is seeking a Kubernetes Cloud Pentester to join our Force-Cloud team and play a critical role in identifying and mitigating security vulnerabilities in Kubernetes clusters and cloud environments. Candidates with a background as Kubernetes administrators or engineers who have transitioned to penetration testing will be highly valued. Familiarity with multi-cloud platforms such as Oracle Cloud (OCI), Alibaba Cloud, or others is a strong plus.
A Security Consultant at TrustedSec is responsible for performing technical assessments on client systems and assets, analyzing data, and issuing corresponding security reports. Working alongside senior colleagues, you work directly with clients to help them advance their security programs. A Security Consultant plays a vital role in shaping our security consulting practice through regular content delivery.
This position is a US-based, remote position open to those who reside within the US and are authorized to work within the US. If you live near our headquarters in Fairlawn, Ohio, you are always welcome to commute to our office to work.
Key Responsibilities:
Force-Cloud (Kubernetes) Specific:
- Conduct penetration testing and vulnerability assessments of Kubernetes environments, identifying misconfigurations, flaws, and weaknesses.
- Simulate real-world attacks against containerized applications and underlying infrastructure.
- Perform security audits and hardening of Kubernetes clusters.
- Develop custom scripts and tooling to automate security testing.
- Collaborate with DevOps and Cloud Engineering teams to remediate vulnerabilities and enforce best practices.
- Document findings and create detailed security reports, outlining risks, recommended remediations, and improvements.
- Stay up to date on the latest security trends, vulnerabilities, and techniques in Kubernetes and cloud infrastructure.
Security Assessment and Analysis:
- Working under the guidance of senior consultants, perform small to medium-sized security assessments and risk analyses of clients' facilities, systems, and processes to identify vulnerabilities and potential threats.
- Utilize various security assessment tools and methodologies to evaluate the effectiveness of existing security measures and recommend improvements.
Security Planning and Strategy:
- Collaborate with clients to develop and implement strategic security plans tailored to their unique needs and risks.
- Provide guidance on security best practices, policies, and procedures to enhance the overall security posture of the organization.
Security Training and Awareness:
- Develop and deliver training programs to educate clients' staff on security protocols, emergency response, and risk mitigation strategies, under guidance of senior security consultants.
- Raise awareness of security threats and vulnerabilities to ensure proactive measures are taken to prevent security breaches.
Technical Expertise:
- Stay up to date with the latest security trends, threats, and technologies to provide informed recommendations to clients.
- Advise on the selection and deployment of appropriate security tools and technologies to enhance the clients' security infrastructure.
Client Communication and Relationship Management:
- Build strong client relationships by effectively communicating security findings, recommendations, and solutions in a clear and professional manner.
- Act as a trusted advisor, providing ongoing guidance and support to clients to help them navigate evolving security challenges.
Competencies:
- 2-4 years proven experience in Kubernetes administration and architecture, or experience with pentesting Kubernetes is required.
- Experience in penetration testing is preferred, but not necessary if your K8s skills and other cloud/developer/admin skills are good. Pentesting experience such as traditional on-premises pentesting, web app pentesting, or similar would be a plus.
- Hands-on experience with one or more cloud platforms (AWS, GCP, Azure) is required. Additional experience with Oracle Cloud (OCI), Alibaba Cloud, or others is a plus.
- Strong knowledge of Kubernetes security features such as network policies, secrets management, role-based access control (RBAC), and service mesh security.
- Proficiency in scripting and automation (Bash, Python, Go, etc.) for security testing and exploitation.
- Thorough understanding of and familiarity with Information Security Frameworks (e.g., PTES), compliance requirements, and industry standards.
- Network penetration testing (external and internal), including exploitation and lateral movement, above and beyond running automated tools.
- Proficiency in security assessment tools and methodologies.
- Strong project management and client-facing skills.
- Analytical, problem-solving, and communication skills.
- Ability to work independently and collaboratively within a team environment.
- Ability to handle confidential and sensitive information with integrity and professionalism.
Preferred Skills:
- Background as a Kubernetes administrator or cloud engineer.
- Certifications in cloud security (e.g., Certified Kubernetes Security Specialist (CKS), Cloud Security Alliance CCSK, CompTIA Cloud+, etc.).
- Knowledge of Infrastructure as Code (IaC) tools such as Terraform, Helm, or Ansible for deploying secure Kubernetes clusters.
- Experience with security monitoring and alerting in Kubernetes environments.
- Understanding of CI/CD pipelines and DevSecOps practices.
Physical Requirements:
- Prolonged periods of sitting at a desk and working on a computer.
- Must be able to lift 15 pounds at times.
- Must be able to access and navigate each department at the organization’s facilities.
- Travel approximately 25% over the course of the calendar year.
Benefits:
Beyond working with some of the best people in the Information Security industry, TrustedSec has some incredible benefits, including:
- Medical, vision, and dental coverage
- 401(k) with company matching
- Generous paid time-off/holidays
- Quarterly performance-based bonus program
- Training/conference budget
- Relevant industry certification reimbursement
- Employer-sponsored identity theft monitoring
- Employer-sponsored life insurance, as well as short-term and long-term disability coverage with buy-up options
- Plentiful meme sharing
Base Salary Range: $100,000 - $160,000
Staff Level (2-4 years' experience): $100,000 - $135,000
Senior Level (4+ years' experience): $120,000 - $160,000
Salary and position considerations are based upon Kubernetes administration experience and/or consulting experience, with consideration of the geographical location of the candidate.