diff --git a/kubernetes/cronjob/cronjob.yaml b/kubernetes/cronjob/cronjob.yaml
index aa3c475c9..18b950674 100644
--- a/kubernetes/cronjob/cronjob.yaml
+++ b/kubernetes/cronjob/cronjob.yaml
@@ -31,6 +31,14 @@ spec:
 requests:
 cpu: "500m"
 memory: "256Mi"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
 restartPolicy: "Never"
 serviceAccountName: descheduler-sa
 volumes:
diff --git a/kubernetes/job/job.yaml b/kubernetes/job/job.yaml
index a478f4e5b..b58d30eec 100644
--- a/kubernetes/job/job.yaml
+++ b/kubernetes/job/job.yaml
@@ -29,6 +29,14 @@ spec:
 requests:
 cpu: "500m"
 memory: "256Mi"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
 restartPolicy: "Never"
 serviceAccountName: descheduler-sa
 volumes:
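Review bot: The `securityContext` added in kubernetes/cronjob/cronjob.yaml sets `runAsNonRoot: true` without a `runAsUser`, so the kubelet will refuse to start the container if the image's USER is root or a non-numeric name. The image line is outside this hunk, so either confirm the image declares a numeric non-root UID or pin one explicitly with `runAsUser: <non-root UID>`. The block also leaves out `seccompProfile`, which the Pod Security "restricted" profile requires alongside the fields set here; adding `seccompProfile:` with `type: RuntimeDefault` under the same `securityContext` would close that gap. With `readOnlyRootFilesystem: true`, it is also worth confirming that any path the process writes to is backed by a mounted volume, since the `volumes:` list continues past the hunk. The same points apply to the identical block in kubernetes/job/job.yaml.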