diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml
index 468451ee0..d31f6e9b4 100644
--- a/prometheus/templates/statefulset.yaml
+++ b/prometheus/templates/statefulset.yaml
@@ -88,8 +88,7 @@ spec:
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
 spec:
- securityContext:
- readOnlyRootFilesystem: true
+{{ dict "envAll" $envAll "application" "prometheus" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 serviceAccountName: {{ $serviceAccountName }}
 affinity:
 {{ tuple $envAll "prometheus" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
@@ -101,8 +100,7 @@ spec:
 - name: prometheus-perms
 {{ tuple $envAll "prometheus" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- securityContext:
- runAsUser: 0
+{{ dict "envAll" $envAll "application" "prometheus" "container" "prometheus_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - chown
 - -R
@@ -115,6 +113,7 @@ spec:
 - name: apache-proxy
 {{ tuple $envAll "apache_proxy" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.apache_proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "prometheus" "container" "apache_proxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - /tmp/apache.sh
 - start
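Review bot: In the second hunk the prometheus-perms init container keeps running as UID 0 (its values entry is `runAsUser: 0`) only to `chown -R` whatever directory the arguments name, which are cut off at the hunk end; now that the pod declares `runAsUser: 65534`, a pod-level `fsGroup: 65534` would let the kubelet set group ownership on the mounted volumes and may make the root init container unnecessary. Whether that works depends on the volume type behind the chown target, so I would verify it before removing the container. Even if it has to stay root, its values entry could carry `allowPrivilegeEscalation: false` like the prometheus container already does, since a root chown needs no setuid path. The prometheus-perms container definition continues past the end of the hunk.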
@@ -146,6 +145,7 @@ spec:
 - name: prometheus
 {{ tuple $envAll "prometheus" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "prometheus" "container" "prometheus" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - /tmp/prometheus.sh
 - start
diff --git a/prometheus/values.yaml b/prometheus/values.yaml
index 34ad605a6..138ef0d22 100644
--- a/prometheus/values.yaml
+++ b/prometheus/values.yaml
@@ -43,6 +43,18 @@ labels:
 node_selector_value: enabled
 pod:
+ security_context:
+ prometheus:
+ pod:
+ runAsUser: 65534
+ container:
+ prometheus_perms:
+ runAsUser: 0
+ apache_proxy:
+ runAsUser: 0
+ prometheus:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 affinity:
 anti:
 type:
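Review bot: The prometheus container now gets `readOnlyRootFilesystem: true` applied at container level through the added include, and since the pod-level key of the same name that the first hunk removes is, as far as I know, not a PodSecurityContext field, this is likely the first time the restriction actually takes effect. The container runs `/tmp/prometheus.sh` and Prometheus writes its TSDB and WAL, so every writable path needs a volume mount or the StatefulSet will crash-loop on upgrade. The volumeMounts lie past the end of the hunk, so I would confirm /tmp and the data path are covered and record the constraint next to the values entry: `# readOnlyRootFilesystem: every writable path of the prometheus container must be backed by a volume mount`. The prometheus container definition continues outside the hunk.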
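Review bot: In the values.yaml hunk the apache_proxy entry contains only `runAsUser: 0`, so the proxy sidecar (apparently the pod's front-end) runs as root with privilege escalation and a writable root filesystem still permitted. If root is needed only to bind a privileged port, a non-root UID may serve as well; if it must stay root, the entry should at least add `allowPrivilegeEscalation: false`, plus `readOnlyRootFilesystem: true` once Apache's writable runtime and log directories are backed by volumes. The prometheus container entry could likewise add `runAsNonRoot: true` so the pod-level `runAsUser: 65534` is checked by the kubelet rather than merely applied. That flag belongs on the prometheus container, not at pod level, because at pod level it would also reject the two containers that intentionally run as UID 0.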