diff --git a/CHANGELOG.md b/CHANGELOG.md
index 114108ab41c..922094cd028 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,7 +44,7 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio
 
 ### Improvements
 
-- TODO ([#XXX](https://github.com/kedacore/keda/issue/XXX))
+- **General:** Add explicit seccompProfile type to securityContext config ([#3561](https://github.com/kedacore/keda/issues/3561))
 
 ### Fixes
 
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index f302c668c49..12e57b1d47a 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -68,6 +68,8 @@ spec:
               - ALL
             allowPrivilegeEscalation: false
             readOnlyRootFilesystem: true
+            seccompProfile:
+              type: RuntimeDefault
       terminationGracePeriodSeconds: 10
       nodeSelector:
         kubernetes.io/os: linux
diff --git a/config/metrics-server/deployment.yaml b/config/metrics-server/deployment.yaml
index f9b382b3e23..f18fcccd3cf 100644
--- a/config/metrics-server/deployment.yaml
+++ b/config/metrics-server/deployment.yaml
@@ -70,8 +70,10 @@ spec:
               drop:
               - ALL
             allowPrivilegeEscalation: false
-            ## Metrics server needs to write the self-signed cert so it's not possible set this
+            ## Metrics server needs to write the self-signed cert. See FAQ for discussion of options.
             # readOnlyRootFilesystem: true
+            seccompProfile:
+              type: RuntimeDefault
       nodeSelector:
         kubernetes.io/os: linux
       volumes: