diff --git a/Dockerfile b/Dockerfile
index e827aec6d..9dc5c48c9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -43,8 +43,6 @@ COPY --from=builder /workspace/notification-controller /usr/local/bin/
 # https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-354316460
 RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
 
-RUN addgroup -S controller && adduser -S controller -G controller
-
-USER controller
+USER 65534:65534
 
 ENTRYPOINT [ "/sbin/tini", "--", "notification-controller" ]
diff --git a/config/manager/deployment.yaml b/config/manager/deployment.yaml
index 83129f8b5..2cbbf0009 100644
--- a/config/manager/deployment.yaml
+++ b/config/manager/deployment.yaml
@@ -25,6 +25,11 @@ spec:
         securityContext:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          capabilities:
+            drop: [ "ALL" ]
+          seccompProfile:
+            type: RuntimeDefault
         ports:
         - containerPort: 9090
           name: http
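Review bot: The switch to a bare numeric `USER 65534:65534` is unexplained in the Dockerfile, and the reason matters: Kubernetes `runAsNonRoot: true` can only be enforced for a numeric UID, since the kubelet does not resolve a user name through the image's /etc/passwd, so the previous `USER controller` would have been rejected at admission. Add a comment above the line, e.g. `# Numeric UID/GID so runAsNonRoot can be verified without an /etc/passwd lookup; 65534 is Alpine's "nobody"`. Dropping the addgroup/adduser step also means the process has no dedicated account, and 65534 doubles as the kernel overflow UID that unmapped files show up as under user namespaces, so a dedicated high UID such as 10001 would be a slightly cleaner isolation boundary if the controller does not need to match an existing `nobody` entry (worth confirming). With `readOnlyRootFilesystem: true` in the deployment, also confirm that nothing in the controller writes to the new user's HOME, which for `nobody` on Alpine is `/`.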
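Review bot: `runAsNonRoot: true` is added without pinning `runAsUser`/`runAsGroup`, so the guarantee rests entirely on the image's `USER` line; a future image that reverts to a named user or to root will fail admission (or worse, pass if an image with a root USER is substituted and runAsNonRoot is later relaxed). Pinning the identity in the manifest makes the contract explicit and independent of the image: `runAsUser: 65534` and `runAsGroup: 65534` alongside `runAsNonRoot: true`. `seccompProfile.type: RuntimeDefault` under the container securityContext is only honoured on Kubernetes 1.19+; if older clusters are still supported, the equivalent is the `seccomp.security.alpha.kubernetes.io/pod` annotation, which is not present in this hunk. Dropping all capabilities is compatible with the 9090 port shown here, since binding an unprivileged port needs no capability.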