diff --git a/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2 b/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2
index 84d6f11e4fb..95443ef537b 100644
--- a/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2
+++ b/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2
@@ -20,6 +20,11 @@ spec:
     spec:
       template:
         spec:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            fsGroup: 1000
+            runAsNonRoot: true
           containers:
           - name: delete-s3-files-cronjob
             image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
diff --git a/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2 b/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2
index 7f350b86c97..a8c02d02769 100644
--- a/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2
+++ b/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2
@@ -29,6 +29,11 @@ spec:
     spec:
       template:
         spec:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            fsGroup: 1000
+            runAsNonRoot: true
           containers:
           - name: data-deletion-trigger-cronjob
             image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
diff --git a/ansible/roles/schulcloud-server-core/templates/migration-job.yml.j2 b/ansible/roles/schulcloud-server-core/templates/migration-job.yml.j2
index f9b76dc34a7..42edd22f4a0 100644
--- a/ansible/roles/schulcloud-server-core/templates/migration-job.yml.j2
+++ b/ansible/roles/schulcloud-server-core/templates/migration-job.yml.j2
@@ -11,6 +11,11 @@ spec:
       labels:
         app: api-migration
     spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        runAsNonRoot: true
       containers:
       - name: api-migration-job
         image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
diff --git a/ansible/roles/schulcloud-server-core/templates/tldraw-delete-files-cronjob.yml.j2 b/ansible/roles/schulcloud-server-core/templates/tldraw-delete-files-cronjob.yml.j2
index 80b8e5e5e41..3f702e42e72 100644
--- a/ansible/roles/schulcloud-server-core/templates/tldraw-delete-files-cronjob.yml.j2
+++ b/ansible/roles/schulcloud-server-core/templates/tldraw-delete-files-cronjob.yml.j2
@@ -20,6 +20,11 @@ spec:
     spec:
       template:
         spec:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            fsGroup: 1000
+            runAsNonRoot: true
           containers:
           - name: tldraw-delete-files-cronjob
             image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
diff --git a/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2 b/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2
index 41a4d21c783..44e1d95d5c4 100644
--- a/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2
+++ b/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2
@@ -20,6 +20,11 @@ spec:
       activeDeadlineSeconds: {{ SERVER_LDAP_SYNC_FULL_CRONJOB_TIMEOUT|default("39600", true) }}
       template:
         spec:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            fsGroup: 1000
+            runAsNonRoot: true
           containers:
           - name: api-ldapsync-cronjob
             image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}