Senior GCP Security Engineer

Senior GCP Security Engineer (DevSecOps)

Location : Minneapolis, MN(Preferred), Candidate from nearby states is fine but should be happy to travel at their own expense when called in office.

Hybrid

Duration : 12+ months

Job Summary : We are looking for an experienced Senior GCP Security Engineer (DevSecOps) to lead and drive security initiatives across our cloud environment.

This senior-level role will focus on integrating security into the entire development and operational lifecycle, bridging the gap between Security Analysts, Architects, Developers, and Platform Engineers.

The ideal candidate is a subject matter expert in GCP security, with a strong foundation in DevOps practices, and can implement cutting-edge security solutions across cloud infrastructure.

You will play a key role in ensuring our GCP environment is secure, scalable, and compliant with industry standards.

Key Responsibilities :

Security Leadership : Lead security design and architecture reviews for GCP environments, ensuring security is embedded at all layers of the infrastructure.

o Define and implement security standards for GCP infrastructure, including network segmentation, firewall rules, and secure configurations for compute, storage, and database services.

o Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies.

o Establish and maintain security baselines for GCP resources

Strategic Collaboration : Partner with security architects, developers, and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure.

o Work closely with development teams to integrate security testing into the software development lifecycle (SDLC).

o Collaborate with operations teams to implement security monitoring and incident response processes.

o Provide guidance to architects and engineers on secure cloud design patterns and best practices.

Advanced Cloud Security : Develop and enhance security controls in GCP, including identity and access management (IAM), encryption strategies, and cloud security posture management (CSPM).

DevSecOps Advocacy : Champion the integration of security automation tools (SAST, DAST, IaC scanning) into CI / CD pipelines, ensuring proactive identification and remediation of vulnerabilities.

Security Automation : Build and maintain automated security tooling for cloud infrastructure, using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations.

Incident Response & Threat Hunting : Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in GCP.

o Develop and implement security incident response plans for GCP environments.

o Proactively hunt for threats and vulnerabilities in GCP using threat intelligence and security analytics platforms.

o "Shift" notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage.

Compliance & Risk Management : Ensure adherence to security frameworks (SOC 2, ISO 27001, NIST, etc.) and assist with cloud governance, risk, and compliance initiatives.

o Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g., SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, CCPA).

o Develop and maintain a risk register for GCP environments, identifying and prioritizing security risks.

Monitoring & Threat Detection : Partner with Infosec on implementation and managing security monitoring, logging, and alerting mechanisms across GCP, leveraging native services and third-party tools for continuous security visibility.

Continuous Security Improvement : Lead eZorts to continuously evaluate and improve platform security practices in response to emerging threats, evolving technologies, and industry trends.

o Stay abreast of emerging security threats, vulnerabilities, and best practices in the cloud security domain.

o Research and evaluate new security technologies and tools to enhance the security posture of GCP environments.

o Contribute to the development of security policies and standards for the organization.

Required Skills & Qualifications :

Experience : 7+ years of experience in cloud security engineering, with at least 3 years focused on GCP. 3+ years experience with Terraform.

Certifications : GCP Professional Cloud Security Engineer certification is required. Additional certifications such as GCP Professional Cloud Architect, Certified Kubernetes Security Specialist (CNCF), or CISSP are highly preferred.

DevSecOps Expertise : Strong experience with integrating security within CI / CD pipelines using tools like Jenkins, GitLab, CircleCI, or similar.

Cloud Security Mastery : Deep expertise in GCP services such as IAM, KMS, VPC, Cloud Security Command Center, and security best practices for GCP-native services.

Automation & IaC : Proficiency with Infrastructure as Code tools (Terraform) and cloud security automation. Programming & Scripting : Advanced proficiency in languages like Python, Bash, or similar for automating security tasks and orchestrating security processes.

Security Tools & Frameworks : Hands-on experience with security tools like SAST, DAST, vulnerability scanning, and container security.

Familiarity with frameworks such as OWASP, NIST, and CIS.

Soft Skills : Excellent communication and leadership skills, with the ability to work across technical and non-technical teams to implement security strategies.

Preferred Qualifications :

Expertise with containerization and orchestration technologies (Docker, Kubernetes), including security measures for microservices and containerized applications.

Experience using a Internal Developer Platform (Humanitec) to orchestrate workloads. Deleted : , CloudFormation

Experience in Zero Trust security models and GCP implementation strategies.

Knowledge of security compliance frameworks (SOC 2, HIPAA, PCI-DSS) and GCP compliance services.