diff --git a/backend/deploy/helm/templates/discovery-cron.yaml b/backend/deploy/helm/templates/discovery-cron.yaml
index 531a978..1b0ff5e 100644
--- a/backend/deploy/helm/templates/discovery-cron.yaml
+++ b/backend/deploy/helm/templates/discovery-cron.yaml
@@ -17,9 +17,19 @@ spec:
       template:
         spec:
           restartPolicy: OnFailure
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 100
+            runAsGroup: 100
+            seccompProfile:
+              type: RuntimeDefault
           containers:
             - name: tick
               image: curlimages/curl:8.9.1
+              securityContext:
+                allowPrivilegeEscalation: false
+                capabilities:
+                  drop: ["ALL"]
               command:
                 - sh
                 - -c