Skip to Main Content

Technology and Engineering

Security Engineer

  • Job ID: 2025-131953
  • Calea Aradului 11 - Calea Aradului 11 Timisoara, 300088 Romania
  • Full-time
Apply now Refer a friend
Apply now

Job Description

The Security Engineer owns the engineering, administration, and tuning of the organization’s security ecosystem. This includes EDR, CSPM, vulnerability management, Kubernetes security controls, and developing the policies and procedures used by the 24×7 operations team. This role ensures strong preventive controls, high-quality detections, and technical governance across all application nodes, databases, and Kubernetes clusters.

 

Responsibilities:

 

Kubernetes & Container Security

  • Design, implement, and maintain Kubernetes security controls across clusters.
  • Manage security posture for:
    • Kubernetes API Server policies
    • RBAC permissions and least-privilege configurations
    • Network policies (ingress/egress restrictions)
    • Pod Security Standards (PSS) or admission controller rules
  • Configure and maintain:
    • Kubernetes audit logging
    • Cluster-level and node-level log forwarding to SIEM
    • Runtime security tools (e.g., Falco, Prisma, Aqua, Sysdig, Trivy)
  • Implement and tune detections for:
    • Misconfigured pods and privileged containers
    • Suspicious exec activity
    • Access anomalies to kube-api
    • Lateral movement inside the cluster
  • Support DevOps teams in secure image pipelines, including:
    • Image scanning (SCA, SAST, container scanning)
    • Supply-chain security controls
    • Hardening base images and enforcing security baselines
  • Lead incident response for escalated Kubernetes security issues.
  • Develop runbooks specifically for incidents involving clusters, pods, or container runtimes.

EDR, CSPM & Vulnerability Management

  • Administer and tune endpoint and workload EDR across Linux/Windows application nodes and Kubernetes worker nodes.
  • Manage CSPM tooling across cloud and Kubernetes environments, ensuring compliance with CIS benchmarks.
  • Own the vulnerability management lifecycle:
    • Scanning nodes, packages, images
    • Prioritization
    • Coordinating remediation with Infra/SRE teams
  • Enhance SIEM detections, correlation rules, and automation playbooks.

Policies, Procedures & SOC Support

  • Build and refine SOPs, policies, and runbooks for the 24×7 SOC team.
  • Implement automation for security processes (Python, Bash, PowerShell, IaC).
  • Conduct threat modeling for Kubernetes deployments and new applications.
  • Provide Tier 2–3 support, mentoring SOC analysts and improving overall detection maturity.

Qualifications:

 

Required

  • 4–6+ years in security engineering, cloud security, or SOC engineering.
  • Strong hands-on experience with Kubernetes internals and security.
  • Practical knowledge of:
    • EKS, AKS, GKE, or on-prem Kubernetes
    • Helm, manifests, CRDs, admission controllers
    • Container runtimes (containerd, CRI-O)
  • Experience with:
    • EDR platforms
    • CSPM tools
    • Vulnerability management tools
    • SIEM rule creation and alert tuning
  • Strong scripting/automation capabilities (Python, Bash, PowerShell).
  • Understanding of Linux OS internals and cloud-native security best practices.

Preferred

  • Certifications: CISSP, CISM, GIAC (GCIA/GCIH/GCED), CKS, CKAD, KCNA, AZ-500.
  • Experience with CI/CD security and DevSecOps pipelines.

Additional Information

Besides an exciting job in a tremendous team, here s what you can expect:

  • A fast-paced tech environment
  • Continuous growth & learning
  • Open feedback culture
  • Room for own initiative & ideas
  • Transparency about results & strategy
  • Recognition & reward for hard work
  • Working with a flexible schedule 
  • Medical subscription
  • Meal tickets
  • Extra vacation days - starting with 25 vacation days
  • Many others perks

Company Description

Tremend is the newest global software engineering hub for Publicis Sapient. For over 20 years, the company has been infusing its advanced technical expertise into complex and innovative solutions that meet today s digital transformation needs and pave the way for a better and smarter future. By joining forces with Publicis Sapient we re accelerating the impact, providing a good mix of talented engineers, technology, continuous improvement, innovation, and R&D. Here, you ll have the opportunity to unleash your potential, powering up advanced software solutions for some of the world s most iconic brands. Embrace your passion for technology, creativity, and continuous improvement, and join us in making a difference through engineering.

Other Jobs At Publicis Sapient

Java Developer Bucharest, Romania

Python Technical Lead Bucharest, Romania

DevOps Engineer Bucharest, Romania

Show all jobs

Looking for the latest openings or want to get rewarded for recommending a peer?

Search jobs
External referral program
people at table

Publicis Sapient is aware of scams involving false offers of employment with our company. The false interviews and job offers use fake websites, email addresses, group chat and text messages. We never interview prospective candidates via instant message or group chat, nor do we require candidates to purchase products or services, or process payments on our behalf as a condition of any employment offer. For more information or if you have been targeted please reach out here.

As part of our dedication to an inclusive and diverse workforce, Publicis Sapient is committed to Equal Employment Opportunity without regard for race, color, national origin, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity, or religion. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at hiring@publicissapient.com or you may call us at +1-617-621-0200.

EEO is the law Opens in new window.

Pay transparency information can be found here Opens in new window.