Kubernetes Security Specialist

Dates: May 2025 – Nov 2025

Kubernetes subject matter expert for Cloud Security organization, providing technical leadership on container security, policy enforcement, and secure containerized SDLC architecture.

Highlights

  • Served as Kubernetes subject matter expert for Cloud Security organization, providing technical leadership on container security, policy enforcement, and secure containerized SDLC architecture.
  • Designed and implemented secure image repository infrastructure using Tekton, Quay, Google Cloud Registry, Terraform, and Renovate, fully automating dependency updates, vulnerability remediation, and secure image builds.
  • Built reusable Tekton pipelines for automated SBOM generation, image signing (Cosign), and vulnerability scanning; published patterns to internal Artifact Hub enabling organization-wide adoption.
  • Authored enterprise container security policies for Ford Cloud Standard, establishing security requirements governing all containerized workloads across the organization.
  • Deployed and configured Kyverno admission controller for policy enforcement, implementing Pod Security Standards and automated security context validation across OpenShift clusters.
  • Engineered compliance infrastructure using Mondoo with Infrastructure as Code, codifying CIS Kubernetes Benchmark and NIST controls with git-based audit trails.
  • Built proof-of-concept demonstrating end-to-end supply chain security: Cosign image signing, SBOM generation, and RHACS attestation verification; presented findings to leadership.
  • Led cross-functional initiative evaluating JFrog Xray vulnerability scanning, coordinating technical approach across teams.
  • Performed continuous workload security analysis using Red Hat Advanced Cluster Security (RHACS) and RHACM, scanning container images for CVEs and automating vulnerability notifications to development teams.
  • Implemented comprehensive RBAC roles and cluster roles that enforce least-privilege access controls across multi-tenant Kubernetes environments.
  • Integrated HashiCorp Vault and Google Secrets Manager into CI/CD pipelines for secure secret lifecycle management.
  • Developed Software Development Lifecycle framework for containerized applications, providing security guidance to leadership and engineering teams.

Stack

Kubernetes, OpenShift, Tekton, Quay, Cosign, Terraform, Google Cloud, HashiCorp Vault, Python, Bash, RHEL, RHCOS