The privileged (1001) user id from the operator Dockerfile gets to run a pod from the Job, without being enforced "restricted" like SCC constraints on the upload container, which can impact security of the namespace. The lack of SecurityContextConstraints in the pod spec is one of the probable root cause.