
Marc focused on enhancing container security in the gitlabhq/gitlab-runner repository by implementing native seccomp and AppArmor profile support within the Kubernetes executor. He transitioned security configuration from deprecated annotation-based methods to Kubernetes API fields, enabling rootless container image builds on restricted nodes such as Ubuntu 25.04 and newer. Using Go and Kubernetes, Marc introduced support for RuntimeDefault, Unconfined, and Localhost profile types, including validation and configurable paths to accommodate diverse deployment needs. His work strengthened the security posture of the runner, improved compatibility with modern Linux distributions, and reduced manual configuration, laying groundwork for broader rollout and governance alignment.
April 2026 monthly summary for gitlab-runner: Focused on security hardening of the Kubernetes executor by introducing native seccomp and AppArmor profiles. Replaced deprecated annotation-based configuration with Kubernetes API fields, enabling rootless container image builds on restricted nodes. Implemented support for RuntimeDefault, Unconfined, and Localhost profiles with validation and configurable paths. Prepared changelog entry to support broader rollout. Result: strengthened security posture, improved compatibility with modern Linux distros, and reduced manual configuration.
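The switch from annotation values to typed API fields, sketched as an added example (not gitlab-runner's own code): it maps the legacy Kubernetes annotation value forms onto the type/localhostProfile pair and applies the rule that only a Localhost profile carries a profile reference. `Profile`, `FromAnnotation` and `Validate` are hypothetical names, and the struct is a local stand-in rather than a client-go type.

```go
package main

import (
	"fmt"
	"strings"
)

// Profile is a local stand-in for the seccompProfile / appArmorProfile securityContext field.
type Profile struct {
	Type             string // RuntimeDefault, Unconfined or Localhost
	LocalhostProfile string // set only when Type is Localhost
}

// FromAnnotation converts a legacy annotation value into the API-field form.
func FromAnnotation(v string) (Profile, error) {
	switch {
	case v == "runtime/default":
		return Profile{Type: "RuntimeDefault"}, nil
	case v == "unconfined":
		return Profile{Type: "Unconfined"}, nil
	case strings.HasPrefix(v, "localhost/"):
		p := Profile{Type: "Localhost", LocalhostProfile: strings.TrimPrefix(v, "localhost/")}
		return p, Validate(p)
	}
	return Profile{}, fmt.Errorf("unsupported profile value %q", v)
}

// Validate requires localhostProfile for Localhost and forbids it for every other type.
func Validate(p Profile) error {
	switch p.Type {
	case "RuntimeDefault", "Unconfined":
		if p.LocalhostProfile != "" {
			return fmt.Errorf("localhostProfile is only valid with type Localhost")
		}
	case "Localhost":
		if p.LocalhostProfile == "" {
			return fmt.Errorf("type Localhost requires localhostProfile")
		}
	default:
		return fmt.Errorf("unknown profile type %q", p.Type)
	}
	return nil
}

func main() {
	for _, v := range []string{"runtime/default", "localhost/ci-build", "localhost/"} { // constructed sample values
		fmt.Println(FromAnnotation(v))
	}
}
```

Rejecting an unknown value instead of silently falling back matters here, because a misspelled profile that degrades to Unconfined removes the confinement the setting was meant to add.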
