Senior GCP Security Engineer (DevSecOps)
Location : Minneapolis, MN(Preferred), Candidate from nearby states is fine but should be happy to travel at their own expense when called in office.
Hybrid
Duration : 12+ months
Job Summary : We are looking for an experienced Senior GCP Security Engineer (DevSecOps) to lead and drive security initiatives across our cloud environment.
This senior-level role will focus on integrating security into the entire development and operational lifecycle, bridging the gap between Security Analysts, Architects, Developers, and Platform Engineers.
The ideal candidate is a subject matter expert in GCP security, with a strong foundation in DevOps practices, and can implement cutting-edge security solutions across cloud infrastructure.
You will play a key role in ensuring our GCP environment is secure, scalable, and compliant with industry standards.
Key Responsibilities :
Security Leadership : Lead security design and architecture reviews for GCP environments, ensuring security is embedded at all layers of the infrastructure.
o Define and implement security standards for GCP infrastructure, including network segmentation, firewall rules, and secure configurations for compute, storage, and database services.
o Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies.
o Establish and maintain security baselines for GCP resources
Strategic Collaboration : Partner with security architects, developers, and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure.
o Work closely with development teams to integrate security testing into the software development lifecycle (SDLC).
o Collaborate with operations teams to implement security monitoring and incident response processes.
o Provide guidance to architects and engineers on secure cloud design patterns and best practices.
Advanced Cloud Security : Develop and enhance security controls in GCP, including identity and access management (IAM), encryption strategies, and cloud security posture management (CSPM).
DevSecOps Advocacy : Champion the integration of security automation tools (SAST, DAST, IaC scanning) into CI / CD pipelines, ensuring proactive identification and remediation of vulnerabilities.
Security Automation : Build and maintain automated security tooling for cloud infrastructure, using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations.
Incident Response & Threat Hunting : Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in GCP.
o Develop and implement security incident response plans for GCP environments.
o Proactively hunt for threats and vulnerabilities in GCP using threat intelligence and security analytics platforms.
o "Shift" notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage.
Compliance & Risk Management : Ensure adherence to security frameworks (SOC 2, ISO 27001, NIST, etc.) and assist with cloud governance, risk, and compliance initiatives.
o Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g., SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, CCPA).
o Develop and maintain a risk register for GCP environments, identifying and prioritizing security risks.
Monitoring & Threat Detection : Partner with Infosec on implementation and managing security monitoring, logging, and alerting mechanisms across GCP, leveraging native services and third-party tools for continuous security visibility.
Continuous Security Improvement : Lead eZorts to continuously evaluate and improve platform security practices in response to emerging threats, evolving technologies, and industry trends.
o Stay abreast of emerging security threats, vulnerabilities, and best practices in the cloud security domain.
o Research and evaluate new security technologies and tools to enhance the security posture of GCP environments.
o Contribute to the development of security policies and standards for the organization.
Required Skills & Qualifications :
Experience : 7+ years of experience in cloud security engineering, with at least 3 years focused on GCP. 3+ years experience with Terraform.
Certifications : GCP Professional Cloud Security Engineer certification is required. Additional certifications such as GCP Professional Cloud Architect, Certified Kubernetes Security Specialist (CNCF), or CISSP are highly preferred.
DevSecOps Expertise : Strong experience with integrating security within CI / CD pipelines using tools like Jenkins, GitLab, CircleCI, or similar.
Cloud Security Mastery : Deep expertise in GCP services such as IAM, KMS, VPC, Cloud Security Command Center, and security best practices for GCP-native services.
Automation & IaC : Proficiency with Infrastructure as Code tools (Terraform) and cloud security automation. Programming & Scripting : Advanced proficiency in languages like Python, Bash, or similar for automating security tasks and orchestrating security processes.
Security Tools & Frameworks : Hands-on experience with security tools like SAST, DAST, vulnerability scanning, and container security.
Familiarity with frameworks such as OWASP, NIST, and CIS.
Soft Skills : Excellent communication and leadership skills, with the ability to work across technical and non-technical teams to implement security strategies.
Preferred Qualifications :
Expertise with containerization and orchestration technologies (Docker, Kubernetes), including security measures for microservices and containerized applications.
Experience using a Internal Developer Platform (Humanitec) to orchestrate workloads. Deleted : , CloudFormation
Experience in Zero Trust security models and GCP implementation strategies.
Knowledge of security compliance frameworks (SOC 2, HIPAA, PCI-DSS) and GCP compliance services.