Google Cloud Platform Security Engineer

We are hiring a Senior Google Cloud Platform Security Engineer with over 8 years of experience in designing, implementing, and managing security in cloud environments, particularly with Google Cloud Platform (Google Cloud Platform). This role requires strong technical leadership, deep knowledge of Google Cloud Platform security best practices, and the ability to work across teams to enforce cloud security, compliance, and governance.

Responsibilities:

• Design and implement enterprise-grade Google Cloud Platform security architectures: including IAM strategy, VPC Service Controls, org policy constraints, and secure network design.

• Develop and maintain security guardrails and automation using Terraform, Cloud Functions, and CI/CD tools.

• Enforce least privilege access, manage service accounts, Workload Identity Federation, and define granular IAM roles.

• Implement and monitor Security Command Center, integrate logs and events with SIEM platforms (Splunk, Chronicle, Datadog) for threat detection and response.

• Lead risk assessments, cloud security posture reviews, and vulnerability remediation efforts across Google Cloud Platform projects.

• Secure GKE clusters, Cloud Run, Cloud Functions, and Cloud Storage using encryption, firewall rules, and workload identity.

• Define and implement controls aligned with compliance frameworks: HIPAA, PCI-DSS, SOC 2, ISO 27001, NIST 800-53.

• Collaborate with engineering and DevOps to enforce DevSecOps practices, including policy-as-code, secure CI/CD pipelines, and container security.

• Generate and maintain audit artifacts, run tabletop exercises, and support incident response and postmortems.

• Evaluate new Google Cloud Platform services and third-party integrations for security risks, data governance, and architecture alignment.

Required Skills:

• 8+ years of experience in cloud security, infrastructure security, or cloud architecture, with at least 3+ years on Google Cloud Platform.

• Deep hands-on experience with:

• IAM, VPC SC, Cloud KMS, Cloud Armor

• Security Command Center, Cloud Audit Logs

• Terraform, Python, Bash, or Go for automation

• Strong understanding of network security, TLS/SSL, VPN, Private Google Access, and service perimeter design.

• Proven experience implementing policy-as-code, managing compliance controls, and participating in cloud audits.

• Experience working in regulated industries (healthcare, finance, telecom) is a plus.

Preferred Qualifications:

• Google Cloud Certified: Professional Cloud Security Engineer or Cloud Architect

• Familiarity with DevSecOps tools (OPA, HashiCorp Sentinel, Snyk)

• Experience integrating with SIEM/SOAR platforms

• Exposure to AI/ML and GenAI pipeline security in Vertex AI, BigQuery ML, etc.