Senior GCP Security Engineer

Senior GCP Security Engineer (DevSecOps)

Location: Minneapolis MN(Preferred) Candidate from nearby states is fine but should be happy to travel at their own expense when called in office.

Hybrid

Duration: 12 months

Job Summary: We are looking for an experienced Senior GCP Security Engineer (DevSecOps) to lead and drive security initiatives across our cloud environment. This seniorlevel role will focus on integrating security into the entire development and operational lifecycle bridging the gap between Security Analysts Architects Developers and Platform Engineers. The ideal candidate is a subject matter expert in GCP security with a strong foundation in DevOps practices and can implement cuttingedge security solutions across cloud infrastructure. You will play a key role in ensuring our GCP environment is secure scalable and compliant with industry standards.

Key Responsibilities:

Security Leadership: Lead security design and architecture reviews for GCP environments ensuring security is embedded at all layers of the infrastructure.

o Define and implement security standards for GCP infrastructure including network segmentation firewall rules and secure configurations for compute storage and database services.

o Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies.

o Establish and maintain security baselines for GCP resources

Strategic Collaboration: Partner with security architects developers and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure.

o Work closely with development teams to integrate security testing into the software development lifecycle (SDLC).

o Collaborate with operations teams to implement security monitoring and incident response processes.

o Provide guidance to architects and engineers on secure cloud design patterns and best practices.

Advanced Cloud Security: Develop and enhance security controls in GCP including identity and access management (IAM) encryption strategies and cloud security posture management (CSPM).

DevSecOps Advocacy: Champion the integration of security automation tools (SAST DAST IaC scanning) into CI/CD pipelines ensuring proactive identification and remediation of vulnerabilities.

Security Automation: Build and maintain automated security tooling for cloud infrastructure using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations.

Incident Response & Threat Hunting: Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in GCP.

o Develop and implement security incident response plans for GCP environments.

o Proactively hunt for threats and vulnerabilities in GCP using threat intelligence and security analytics platforms.

o Shift notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage.

Compliance & Risk Management: Ensure adherence to security frameworks (SOC 2 ISO 27001 NIST etc.) and assist with cloud governance risk and compliance initiatives.

o Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g. SOC 2 ISO 27001 PCI DSS FERPA GDPR CCPA).

o Develop and maintain a risk register for GCP environments identifying and prioritizing security risks.

Monitoring & Threat Detection: Partner with Infosec on implementation and managing security monitoring logging and alerting mechanisms across GCP leveraging native services and thirdparty tools for continuous security visibility.

Continuous Security Improvement: Lead eZorts to continuously evaluate and improve platform security practices in response to emerging threats evolving technologies and industry trends.

o Stay abreast of emerging security threats vulnerabilities and best practices in the cloud security domain.

o Research and evaluate new security technologies and tools to enhance the security posture of GCP environments.

o Contribute to the development of security policies and standards for the organization.

Required Skills & Qualifications:

Experience: 7 years of experience in cloud security engineering with at least 3 years focused on GCP. 3 years experience with Terraform.

Certifications: GCP Professional Cloud Security Engineer certification is required. Additional certifications such as GCP Professional Cloud Architect Certified Kubernetes Security Specialist (CNCF) or CISSP are highly preferred.

DevSecOps Expertise: Strong experience with integrating security within CI/CD pipelines using tools like Jenkins GitLab CircleCI or similar.

Cloud Security Mastery: Deep expertise in GCP services such as IAM KMS VPC Cloud Security Command Center and security best practices for GCPnative services.

Automation & IaC: Proficiency with Infrastructure as Code tools (Terraform) and cloud security automation. Programming & Scripting: Advanced proficiency in languages like Python Bash or similar for automating security tasks and orchestrating security processes.

Security Tools & Frameworks: Handson experience with security tools like SAST DAST vulnerability scanning and container security. Familiarity with frameworks such as OWASP NIST and CIS.

Soft Skills: Excellent communication and leadership skills with the ability to work across technical and nontechnical teams to implement security strategies.

Preferred Qualifications:

Expertise with containerization and orchestration technologies (Docker Kubernetes) including security measures for microservices and containerized applications.

Experience using a Internal Developer Platform (Humanitec) to orchestrate workloads. Deleted: CloudFormation

Experience in Zero Trust security models and GCP implementation strategies.

Knowledge of security compliance frameworks (SOC 2 HIPAA PCIDSS) and GCP compliance services.