Job Description

10Pearls is an award-winning end-to-end digital innovation company that helps businesses imagine and build the future. We are proud to announce that 10Pearls was named as winner of the Best Tech Work Culture Timmy Award in Washington DC by Tech in Motion, recognized on the Inc. 5000 Fastest-Growing Companies List, and was ranked the #1 Most Diverse Midsize Company in Greater Washington. We partner with businesses to help them transform, scale, and accelerate by adopting digital and exponential technologies. Our work has ranged from creating highly usable, secure digital experiences, mobile and software products, to helping businesses modernize through cloud adoption and development and the digitalization of their business processes. Our clientele is highly diverse, including Global 1000 enterprises, mid-market businesses, and high-growth start-ups. But those are just facts. What makes us unique is that we have true heart and soul. We have a strong focus on a double bottom line and actively support and engage with the communities where we live and work to make the world a better place. In a nutshell, we believe in doing well, while doing good, and know how to balance the two.

Role

10Pearls is looking for a Security Engineer to lead platform security through policy-as-code and modern security practices. You will drive Kubernetes security, supply chain protection, and compliance alignment. You will work with cross-functional teams to embed security across the development lifecycle.

Responsibilities:

• Implement, manage ISO 27001, and update information security policies and procedures

• Monitor network and endpoint security, investigate issues, and respond to breaches

• Perform vulnerability assessments, identify security gaps in networks and websites, and conduct penetration testing

• Conduct internal audits and reporting related to ISO 27001 and technical compliance

• Manage Windows Server Security, PowerShell, and Linux system administration

• Ensure 100% deployment of endpoint security, email security, phishing, and malware protection

• Continuously audit systems to ensure implementation of approved security controls

• Coordinate with IT teams and other stakeholders

• Analyze IT requirements and provide objective security recommendations

• Lead tasks to completion and ensure timely execution of security operations

• Stay updated on the latest security threats, trends, and technologies

• Demonstrate adaptability and a creative approach to problem-solving

• Perform additional duties as assigned

Requirements

• 3–6 years of experience in Application Security, Platform Security, or Security Engineering roles

• Hands-on experience with OPA and Rego, including policy authoring, bundle distribution, and admission controller integration

• Strong understanding of Kubernetes security, including RBAC, Network Policies, Pod Security, and admission controllers

• Experience working with Vault, including policies, transit secrets engine, PKI, and dynamic secrets

• Hands-on experience with container and dependency scanning tools such as Trivy, Grype, Snyk, or Dependency-Track

• Knowledge of supply chain security, including image signing (Cosign or Sigstore) and SBOM generation

• Proficiency in Python and/or Go for building security tooling and automation

• Strong documentation and communication skills, including experience writing threat models, policy design documents, and incident reports

Nice to Have

• Experience with tamper-evident audit systems, WORM storage, or hash-chained architectures

• Familiarity with ABAC or ReBAC frameworks such as OPA, OpenFGA, or Cedar

• Experience with compliance frameworks such as ISO 27001, SOC 2, or regional sovereign frameworks (Pakistan, UAE, Saudi Arabia)

• Background in offensive security (penetration testing, red teaming, CTFs)

• Relevant certifications such as CISSP, OSCP, or CKS