Key skills
Linux systems engineeringLinux distributions - DebianLinux distributions - UbuntuLinux distributions - AlpineLinux distributions - RHELDockerKubernetesContainerized environmentsCVE remediationLinux package management - aptLinux package management - yum/dnfLinux package management - apkLinux package management - rpmTrivyGrypeClairPythonBashGoContainer image layeringFilesystem structuresCI/CD automationInfrastructure-as-code workflowsAWSAzureGCPGitOpsCI/CD
About this role
RAPIDFORT is a cybersecurity company focused on container security, seeking a Senior Container Security Engineer to lead vulnerability remediation and image hardening across Linux-based container environments. The role involves analyzing and optimizing container images, building automated remediation pipelines, and collaborating with various teams to enhance security and efficiency in cloud-native platforms.
Responsibilities:
- Own end-to-end CVE remediation across Linux-based container images
- Analyze vulnerabilities across OS packages, libraries, runtimes, and dependencies
- Patch, rebuild, validate, and maintain hardened container images at scale
- Reduce attack surface by removing unnecessary packages, binaries, services, and dependencies
- Build and scale automated remediation pipelines for continuous image patching
- Improve image security posture while minimizing operational disruption
- Generate, validate, and maintain SBOMs to support supply chain visibility and compliance
- Integrate remediation workflows into CI/CD and GitOps pipelines
- Optimize image size, startup performance, and operational efficiency
- Research emerging Linux, container, Kubernetes, and software supply chain threats
- Troubleshoot complex dependency, package compatibility, and runtime security issues
- Help define internal standards for hardened images and secure software delivery
Requirements:
- 5+ years of experience in Linux systems engineering, platform engineering, DevSecOps, security engineering, or SRE
- Deep understanding of Linux distributions (Debian, Ubuntu, Alpine, RHEL)
- Strong hands-on experience with Docker, Kubernetes, and containerized environments
- Proven experience remediating CVEs within Linux packages and container ecosystems
- Proficiency with package management systems (apt, yum/dnf, apk, rpm)
- Experience with scanning tools such as Trivy, Grype, or Clair
- Strong scripting or programming skills in Python, Bash, or Go
- Solid understanding of container image layering and filesystem structures
- Familiarity with CI/CD automation and infrastructure-as-code workflows
- Experience with cloud-native infrastructure (AWS, Azure, or GCP)
- Experience building minimal or distroless container images
- Familiarity with SBOM standards (SPDX, CycloneDX, Syft)
- Experience with image signing and verification tools (Cosign, Sigstore)
- Knowledge of software supply chain security frameworks like SLSA
- Familiarity with Kubernetes security controls and eBPF