diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index d12f43f1..8f88b213 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -14,6 +14,7 @@ aliases:
 - [api](https://docs.victoriametrics.com/operator/api): adds new fields `maxDiskUsagePerUrl` and`forceVMProto` to the `VMagent` `remoteWriteSpec`
 - [vmuser](https://docs.victoriametrics.com/operator/resources/vmuser/): fixes the protocol of generated CRD target access url for vminsert and vmstorage when TLS is enabled.
 - [vmagent](https://docs.victoriametrics.com/operator/resources/vmagent/): properly make transition to `statefulMode`. See [this issue](https://github.com/VictoriaMetrics/operator/issues/1127) for details.
+- [operator](https://docs.victoriametrics.com/operator/): fixes pod scheduling with `useStrictSecurity` enabled by removing default values for `AppArmorProfile` and `SeccompProfile`. See [this issue](https://github.com/VictoriaMetrics/operator/issues/1120) for details.
 ## [v0.48.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.3) - 29 Sep 2024
diff --git a/internal/controller/operator/factory/build/security.go b/internal/controller/operator/factory/build/security.go
index 396e7c84..c07fd2bc 100644
--- a/internal/controller/operator/factory/build/security.go
+++ b/internal/controller/operator/factory/build/security.go
@@ -17,15 +17,9 @@ var (
 containerUserGroup int64 = 65534
 runNonRoot = true
 defaultSecurityContext = &corev1.SecurityContext{
- RunAsUser: &containerUserGroup,
- RunAsGroup: &containerUserGroup,
- RunAsNonRoot: &runNonRoot,
- AppArmorProfile: &corev1.AppArmorProfile{
- Type: corev1.AppArmorProfileTypeRuntimeDefault,
- },
- SeccompProfile: &corev1.SeccompProfile{
- Type: corev1.SeccompProfileTypeRuntimeDefault,
- },
+ RunAsUser: &containerUserGroup,
+ RunAsGroup: &containerUserGroup,
+ RunAsNonRoot: &runNonRoot,
 ReadOnlyRootFilesystem: ptr.To(true),
 AllowPrivilegeEscalation: ptr.To(false),
 Capabilities: &corev1.Capabilities{
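Review bot: Dropping `SeccompProfile` together with `AppArmorProfile` from `defaultSecurityContext` leaves containers built under `useStrictSecurity` with no seccomp profile at all, which is weaker than the previous hardened default and, unless the profile is filled in elsewhere, no longer satisfies the `restricted` Pod Security Standard (it requires `seccompProfile.type` of `RuntimeDefault` or `Localhost`). If the failure in the linked issue comes only from the container-level `AppArmorProfile` field, which is a much more recent addition to the Kubernetes API than `SeccompProfile`, the seccomp default could be kept: `SeccompProfile: &corev1.SeccompProfile{`, `Type: corev1.SeccompProfileTypeRuntimeDefault,`, `},`. If both really must go, a comment on `defaultSecurityContext` saying that seccomp and AppArmor are intentionally left unset for API-compatibility reasons and should be configured by the user would stop the next maintainer from re-adding them without reading the issue. The `var (` block continues past the hunk.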
diff --git a/test/e2e/vmauth_test.go b/test/e2e/vmauth_test.go
index 9c395a6c..7e880ca7 100644
--- a/test/e2e/vmauth_test.go
+++ b/test/e2e/vmauth_test.go
@@ -92,7 +92,7 @@ var _ = Describe("test vmauth Controller", func() {
 },
 Spec: v1beta1vm.VMAuthSpec{
 CommonDefaultableParams: v1beta1vm.CommonDefaultableParams{
- // UseStrictSecurity: ptr.To(true),
+ UseStrictSecurity: ptr.To(true),
 UseDefaultResources: ptr.To(false),
 },
 CommonConfigReloaderParams: v1beta1vm.CommonConfigReloaderParams{
diff --git a/test/e2e/vmsingle_test.go b/test/e2e/vmsingle_test.go
index 855dfa2b..4b5d3196 100644
--- a/test/e2e/vmsingle_test.go
+++ b/test/e2e/vmsingle_test.go
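Review bot: Re-enabling `UseStrictSecurity: ptr.To(true)` turns the strict context back on for this vmauth case, but nothing in the hunk checks what that produces, so the test only proves the object still reconciles. If the assertions further down the `Describe` (outside the hunk) do not already look at the container `SecurityContext`, a check such as `Expect(*createdDeploy.Spec.Template.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation).To(BeFalse())` would make the flag flip meaningful. The enclosing `Describe` starts before the hunk.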
@@ -159,6 +159,39 @@ var _ = Describe("test vmsingle Controller", func() {
 Expect(createdDeploy.Spec.Template.Spec.Containers[0].Resources).To(Equal(corev1.ResourceRequirements{}))
 Expect(createdDeploy.Spec.Template.Spec.Containers[1].Resources).To(Equal(corev1.ResourceRequirements{}))
 }),
+ Entry("with strict security", "strict-security",
+ &vmv1beta1.VMSingle{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: namespace,
+ },
+ Spec: vmv1beta1.VMSingleSpec{
+ CommonApplicationDeploymentParams: vmv1beta1.CommonApplicationDeploymentParams{
+ ReplicaCount: ptr.To[int32](1),
+ },
+ CommonDefaultableParams: vmv1beta1.CommonDefaultableParams{
+ UseStrictSecurity: ptr.To(true),
+ },
+ RetentionPeriod: "1",
+ RemovePvcAfterDelete: true,
+ Storage: &corev1.PersistentVolumeClaimSpec{
+ Resources: corev1.VolumeResourceRequirements{
+ Requests: corev1.ResourceList{
+ corev1.ResourceStorage: resource.MustParse("1Gi"),
+ },
+ },
+ },
+ },
+ },
+ func(cr *vmv1beta1.VMSingle) {
+ createdChildObjects := types.NamespacedName{Namespace: namespace, Name: cr.PrefixedName()}
+ var createdDeploy appsv1.Deployment
+ Expect(k8sClient.Get(ctx, createdChildObjects, &createdDeploy)).To(Succeed())
+ Expect(createdDeploy.Spec.Template.Spec.Containers).To(HaveLen(1))
+ Expect(createdDeploy.Spec.Template.Spec.Containers[0].SecurityContext).NotTo(BeNil())
+ Expect(createdDeploy.Spec.Template.Spec.Containers[0].SecurityContext.RunAsNonRoot).NotTo(BeNil())
+ Expect(*createdDeploy.Spec.Template.Spec.Containers[0].SecurityContext.RunAsNonRoot).To(BeTrue())
+
+ }),
 )
 existSingle := &vmv1beta1.VMSingle{
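Review bot: The new "with strict security" entry asserts only `RunAsNonRoot`, which was true before this commit as well, so the test would pass with or without the change to `defaultSecurityContext` and does not pin the rest of the strict-mode contract. Bind the context once, `sc := createdDeploy.Spec.Template.Spec.Containers[0].SecurityContext`, and add the fields the mode is meant to enforce, for example `Expect(*sc.AllowPrivilegeEscalation).To(BeFalse())` and `Expect(*sc.ReadOnlyRootFilesystem).To(BeTrue())`; if the intent is that strict mode no longer sets a seccomp profile, `Expect(sc.SeccompProfile).To(BeNil())` documents that decision too. If the operator also emits a pod-level `Spec.Template.Spec.SecurityContext`, it is worth a matching check, since that is where a cluster's Pod Security admission looks first. The stray blank line before the closing `}),` is a nit; the enclosing `Describe` and table start before the hunk.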