diff --git a/helm/kanister-operator/templates/deployment.yaml b/helm/kanister-operator/templates/deployment.yaml
index a560e5d0a69..45eab536b59 100644
--- a/helm/kanister-operator/templates/deployment.yaml
+++ b/helm/kanister-operator/templates/deployment.yaml
@@ -14,6 +14,10 @@ spec:
 labels:
 {{ include "kanister-operator.helmLabels" . | indent 8}}
 spec:
+{{- if .Values.controller.podSecurityContext }}
+ securityContext:
+{{ toYaml .Values.controller.podSecurityContext | indent 8 }}
+{{- end }}
 serviceAccountName: {{ template "kanister-operator.serviceAccountName" . }}
 {{- if or .Values.bpValidatingWebhook.enabled .Values.validatingWebhook.repositoryserver.enabled }}
 volumes:
@@ -29,6 +33,10 @@ spec:
 - name: {{ template "kanister-operator.fullname" . }}
 image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{- if .Values.controller.containerSecurityContext }}
+ securityContext:
+{{ toYaml .Values.controller.containerSecurityContext | indent 10 }}
+{{- end }}
 {{- if .Values.bpValidatingWebhook.enabled }}
 volumeMounts:
 - name: webhook-certs
@@ -53,6 +61,10 @@ spec:
 - name: {{ template "repository-server-controller.name" . }}
 image: {{ .Values.repositoryServerControllerImage.registry }}/{{ .Values.repositoryServerControllerImage.name }}:{{ .Values.repositoryServerControllerImage.tag }}
 imagePullPolicy: {{ .Values.repositoryServerControllerImage.pullPolicy }}
+{{- if .Values.controller.containerSecurityContext }}
+ securityContext:
+{{ toYaml .Values.controller.containerSecurityContext | indent 10 }}
+{{- end }}
 {{- if .Values.validatingWebhook.repositoryserver.enabled }}
 volumeMounts:
 - name: webhook-certs
diff --git a/helm/kanister-operator/values.yaml b/helm/kanister-operator/values.yaml
index 6de036f300d..b758dad3a4a 100644
--- a/helm/kanister-operator/values.yaml
+++ b/helm/kanister-operator/values.yaml
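Review bot: This container-level block and the identical one in the third hunk (the repository-server-controller container) both read the same `.Values.controller.containerSecurityContext`, so the two binaries cannot be hardened independently, and neither the template nor values.yaml says the key applies to both containers. If the two containers genuinely have the same needs that is acceptable, but it should be stated: add a values comment such as `# Applied to both the kanister-operator and repository-server-controller containers`, or give the repository-server-controller its own per-container key and read that in the third hunk instead. Note also that the guard is a Go-template truthiness test, so an explicit `containerSecurityContext: {}` renders nothing, exactly like an unset value; worth a one-line comment if that is intended. Both container definitions start and end outside these hunks.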
@@ -36,6 +36,20 @@ controller:
 # false : kanister-prometheus framework has been disabled
 # true: kanister-prometheus framework has been enabled
 enabled: false
+ # Pod-level security context settings
+ podSecurityContext:
+ # runAsUser: 1000
+ # fsGroup: 2000
+ # runAsNonRoot: true
+
+ # Container-level security context settings
+ containerSecurityContext:
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # allowPrivilegeEscalation: false
 dataStore:
 parallelism:
 upload: 8
@@ -89,3 +103,4 @@ tolerations: []
 # # node labels for pod assignment. Evaluated as template
 nodeSelector: {}
+
\ No newline at end of file
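Review bot: The new `podSecurityContext` and `containerSecurityContext` keys are bare (every child is commented out), so they load as null, the template guards evaluate false, and a default install renders no `securityContext` at all — the hardening is opt-in and invisible to anyone who does not read values.yaml. Consider shipping the commented examples as real defaults so the operator runs non-root, without capabilities and without privilege escalation out of the box, leaving `readOnlyRootFilesystem` commented until it is confirmed that both containers write only to mounted volumes (the webhook cert mounts hint at that, but it is inferred from this diff); a pod-level `seccompProfile` of `RuntimeDefault` is the other usual baseline. If the keys must stay empty, write them as `podSecurityContext: {}` and `containerSecurityContext: {}` so the value is an explicit empty map rather than an accidental null, and say in the comment that an empty value omits the field from the rendered pod spec. The uid/gid numbers below are the diff's own example values, not a recommendation.

```yaml
  # Pod-level security context settings (omitted from the pod spec when empty)
  podSecurityContext:
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
    # runAsUser: 1000
    # fsGroup: 2000

  # Container-level security context settings; applied to both controller containers
  containerSecurityContext:
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    # readOnlyRootFilesystem: true  # enable once both containers are confirmed to write only to mounted volumes
```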