Tremend is the newest global software engineering hub for Publicis Sapient. For over 20 years, the company has been infusing its advanced technical expertise into complex and innovative solutions that meet today's digital transformation needs and pave the way for a better and smarter future. By joining forces with Publicis Sapient we're accelerating the impact, providing a good mix of talented engineers, technology, continuous improvement, innovation, and R&D. Here, you'll have the opportunity to unleash your potential, powering up advanced software solutions for some of the world's most iconic brands. Embrace your passion for technology, creativity, and continuous improvement, and join us in making a difference through engineering.

The Security Engineer owns the engineering, administration, and tuning of the organization’s security ecosystem. This includes EDR, CSPM, vulnerability management, Kubernetes security controls, and developing the policies and procedures used by the 24×7 operations team. This role ensures strong preventive controls, high-quality detections, and technical governance across all application nodes, databases, and Kubernetes clusters.

Responsibilities:

Kubernetes & Container Security

• Design, implement, and maintain Kubernetes security controls across clusters.
• Manage security posture for:
  • Kubernetes API Server policies
  • RBAC permissions and least-privilege configurations
  • Network policies (ingress/egress restrictions)
  • Pod Security Standards (PSS) or admission controller rules
• Configure and maintain:
  • Kubernetes audit logging
  • Cluster-level and node-level log forwarding to SIEM
  • Runtime security tools (e.g., Falco, Prisma, Aqua, Sysdig, Trivy)
• Implement and tune detections for:
  • Misconfigured pods and privileged containers
  • Suspicious exec activity
  • Access anomalies to kube-api
  • Lateral movement inside the cluster
• Support DevOps teams in secure image pipelines, including:
  • Image scanning (SCA, SAST, container scanning)
  • Supply-chain security controls
  • Hardening base images and enforcing security baselines
• Lead incident response for escalated Kubernetes security issues.
• Develop runbooks specifically for incidents involving clusters, pods, or container runtimes.

EDR, CSPM & Vulnerability Management

• Administer and tune endpoint and workload EDR across Linux/Windows application nodes and Kubernetes worker nodes.
• Manage CSPM tooling across cloud and Kubernetes environments, ensuring compliance with CIS benchmarks.
• Own the vulnerability management lifecycle:
  • Scanning nodes, packages, images
  • Prioritization
  • Coordinating remediation with Infra/SRE teams
• Enhance SIEM detections, correlation rules, and automation playbooks.

Policies, Procedures & SOC Support

• Build and refine SOPs, policies, and runbooks for the 24×7 SOC team.
• Implement automation for security processes (Python, Bash, PowerShell, IaC).
• Conduct threat modeling for Kubernetes deployments and new applications.
• Provide Tier 2–3 support, mentoring SOC analysts and improving overall detection maturity.

Qualifications:

Required

• 4–6+ years in security engineering, cloud security, or SOC engineering.
• Strong hands-on experience with Kubernetes internals and security.
• Practical knowledge of:
  • EKS, AKS, GKE, or on-prem Kubernetes
  • Helm, manifests, CRDs, admission controllers
  • Container runtimes (containerd, CRI-O)
• Experience with:
  • EDR platforms
  • CSPM tools
  • Vulnerability management tools
  • SIEM rule creation and alert tuning
• Strong scripting/automation capabilities (Python, Bash, PowerShell).
• Understanding of Linux OS internals and cloud-native security best practices.

Preferred

• Certifications: CISSP, CISM, GIAC (GCIA/GCIH/GCED), CKS, CKAD, KCNA, AZ-500.
• Experience with CI/CD security and DevSecOps pipelines.

Besides an exciting job in a tremendous team, here's what you can expect:

• A fast-paced tech environment
• Continuous growth & learning
• Open feedback culture
• Room for own initiative & ideas
• Transparency about results & strategy
• Recognition & reward for hard work
• Working with a flexible schedule 
• Medical subscription
• Meal tickets
• Extra vacation days - starting with 25 vacation days
• Many others perks