Kubernetes Platform Security Engineer (Contract)

We tackle the most complex problems in quantitative finance, by bringing scientific clarity to financial complexity.

From our London HQ, we unite world-class researchers and engineers in an environment that values deep exploration and methodical execution - because the best ideas take time to evolve.  Together we're building a world-class platform to amplify our teams' most powerful ideas.

As part of our engineering team, you'll shape the platforms and tools that drive high-impact research - designing systems that scale, accelerate discovery and support innovation across the firm.

Take the next step in your career.

The role

We are seeking an experienced Kubernetes Security Engineer on a 12-month contract to strengthen the security of our Kubernetes platforms.

This is a specialist role focused on Kubernetes networking, identity and runtime security. You will design, implement and operationalise advanced controls that protect multi-tenant clusters running highly sensitive and performance-critical workloads.

Working closely with platform engineers, security teams and internal users, you will deliver pragmatic, production-ready solutions that improve network isolation, threat detection and runtime visibility without compromising developer experience or performance.

Key responsibilities of the role include:

Designing, implementing, and operating Cilium-based networking and security controls, including network policies, identity-aware networking and traffic visibility

Improving Cilium upgrade processes, collaborating with teams and training operations staff

Implementing and scaling cluster mesh across Kubernetes environments

Deploying and operationalising Tetragon for runtime security, including observability, detection policies and integration with existing tooling

Strengthening multi-tenant security through network policies, RBAC and identity-based controls aligned with platform standards

Collaborating with platform and security teams to define threat models for Kubernetes workloads, translate security requirements into controls and harden cluster configurations

Integrating security telemetry into existing observability stacks including Prometheus, Grafana, OpenTelemetry and SIEM pipelines

Providing guidance and best practices on secure Kubernetes networking and runtime behaviour

Contributing to incident response related to Kubernetes security events, including root cause analysis and preventative improvements

Documenting designs, detection strategies, runbooks and operational procedures to ensure long-term maintainability

Who are we looking for?

We value engineers who bring curiosity, pragmatism and collaboration to their work, and who are motivated to grow continuously while helping those around them do the same.

The ideal candidate will have the following skills and experience:

Essential skills:

Strong Linux systems engineering background with a security focus

Deep hands-on experience with Cilium, including network policy design and troubleshooting

Experience with zero-trust networking and securing Kubernetes clusters in production

Strong understanding of Kubernetes internals, including networking, service identity, RBAC and multi-tenant cluster design

Proficiency with Infrastructure as Code and configuration management tools such as Helm, Terraform or GitOps

Ability to diagnose complex security, networking and performance issues

Strong communication skills with ability to explain security trade-offs to non-security specialists

Experience producing clear technical documentation, designs and runbooks

Desirable skills:

Experience integrating Kubernetes security signals into SIEM or detection platforms

Experience with Cilium cluster mesh and policy engines such as OPA or Gatekeeper

Familiarity with eBPF-based tooling beyond Cilium/Tetragon

Experience with managed Kubernetes platforms such as AWS EKS

Exposure to high-performance or low-latency environments

Contributions to open-source projects in the Kubernetes, Cilium or eBPF ecosystems

Why join us?

Highly competitive compensation plus annual discretionary bonus

Lunch provided (via Just Eat for Business) and dedicated barista bar

30 days’ annual leave

9% company pension contributions

Informal dress code and excellent work/life balance

Comprehensive healthcare and life assurance

Cycle-to-work scheme

Monthly company events

G-Research is committed to cultivating and preserving an inclusive work environment. We are an ideas-driven business and we place great value on diversity of experience and opinions.

We want to ensure that applicants receive a recruitment experience that enables them to perform at their best. If you have a disability or special need that requires accommodation please let us know in the relevant section