Overview
Hybrid
Depends on Experience
Contract - Independent
Contract - W2
Skills
Access Control
Auditing
Backbone.js
Bash
Billing
Border Gateway Protocol
Cloud Computing
Collaboration
Communication
Computer Networking
Configuration Management
Continuous Delivery
Continuous Integration
DLP
DNS
Dashboard
Data Centers
Debugging
Dragon NaturallySpeaking
Encryption
Firewall
Fluency
Good Clinical Practice
Google App Engine
Google Cloud
Google Cloud Platform
Hardening
Hierarchical Storage Management
High-level Design
IDLE
IP
IPS
IT Management
IaaS
Intellectual Property
Kubernetes
Leadership
Microservices
Mirroring
NAT
NIST 800-53
Network
Network Layer
Optimization
Performance Analysis
ProVision
Provisioning
Python
Real-time
Regulatory Compliance
Routers
Routing
Scripting
Terraform
Virtual Machines
Virtual Private Cloud
WAF
Workflow
Job Details
Job Title: Senior Google Cloud Architect Infrastructure & Network
Location: Hybrid (Office in Glenview, IL)
Department: Google Practice
Reports To: Head of Google Practice
Job Overview
Zion Cloud Solutions is seeking a Senior Google Cloud Architect to lead the design and implementation of sophisticated Google Cloud Platform infrastructure, with an emphasis on constructing enterprise-grade landing zones. This role demands hands-on expertise in defining resource hierarchies, VPC networking topologies, security hardening, control plane automation, and cost optimization at scale. Stationed in a hybrid work model with our office in Glenview, IL, you'll architect solutions that integrate hybrid connectivity, enforce zero-trust security, and leverage Google Cloud Platform's native tools to deliver resilient, compliant, and cost-efficient cloud environments for our clients.
This is a technical, hands-on leadership position for someone who thrives on building the backbone of cloud infrastructure (think VPC Service Controls, Cloud Armor, and Terraform-driven deployments) and can own the end-to-end lifecycle of Google Cloud Platform landing zones.
Key Responsibilities
Landing Zone Architecture:
- Design and deploy multi-tenant, multi-region landing zones using Google Cloud Organizations, Folders, and Projects to enforce resource isolation and governance.
- Implement custom IAM roles, policies, and Organization Policy constraints (e.g., restricting public IPs, enforcing VPC Service Controls) to align with enterprise security baselines.
- Set up centralized logging and monitoring with Cloud Logging, Cloud Monitoring, and BigQuery for audit trails and operational insights across landing zones.
Advanced Networking:
- Architect VPC topologies, including Shared VPCs with service projects, VPC peering, and subnet segmentation for microservices and hybrid workloads.
- Configure hybrid connectivity using Dedicated Interconnect or Partner Interconnect, paired with Cloud Router for dynamic BGP routing between on-premises data centers and Google Cloud Platform.
- Deploy Cloud NAT, Private Google Access, and DNS Hub to secure egress/ingress traffic and enable private Kubernetes clusters E instances.
Security Hardening:
- Integrate VPC Service Controls to create security perimeters around sensitive data, preventing exfiltration risks in multi-project environments.
- Deploy policies for DDoS protection, WAF rules, and geo-based access controls at the edge.
- Configure KMS for customer-managed encryption keys (CMEK) and HSM integration to secure data at rest and in transit, ensuring compliance with standards like NIST 800-53 or CIS benchmarks.
Control Plane & Automation:
- Build a fully automated control plane using Terraform to provision VPCs, subnets, firewall rules, GKE clusters, and service accounts with least-privilege principles.
- Leverage Google Cloud Deployment Manager or Anthos Config Management for policy-as-code enforcement across landing zones.
- Script custom automation workflows (Python, Go) to integrate with Cloud Build CI/CD pipelines for infrastructure provisioning and validation.
Cost Governance & Optimization:
- Implement Billing Accounts with hierarchical cost allocation and create dashboards for real-time cost visibility.
- Optimize workloads by recommending preemptible VMs, sustained-use discounts, or committed use contracts, balancing cost with SLAs.
- Identify idle resources, over-provisioned instances, or unutilized IP ranges, driving continuous cost efficiency.
Technical Leadership:
- Collaborate with application teams to integrate landing zones with GKE, Cloud Run, or App Engine workloads, ensuring seamless network and security alignment.
- Troubleshoot complex issues (e.g., BGP convergence delays, IAM permission sprawl, or GKE pod networking failures) using tools like Packet Mirroring and Trace.
- Lead architecture reviews, produce detailed HLD/LLD documents, and evangelize Google Cloud Platform best practices within the team.
Qualifications
Experience:
- 7+ years in cloud infrastructure engineering, with 3+ years architecting Google Cloud Platform environments at scale.
- Demonstrated success in deploying production landing zones with 10+ projects, hybrid connectivity, and 100+ VPCs/subnets.
- Hands-on experience debugging L3/L4 network issues (e.g., MTU mismatches, NAT traversal) and securing multi-cloud or hybrid setups.
Technical Skills:
- Mastery of Google Cloud Platform networking stack: VPC, Cloud Router, Load Balancers (Global/Regional), Traffic Director, and Hybrid Connectivity options.
- Expert-level proficiency with Terraform HCL for multi-module deployments, including provider-level integrations with Google Cloud Platform APIs.
- Deep knowledge of Google Cloud Platform security tools: Security Command Center, Chronicle, Forseti, and Cloud DLP for data classification and redaction.
- Experience with GKE networking (e.g., Calico CNI, Network Policy), Anthos Service Mesh, or Istio for microservices deployments.
- Fluency in scripting (Python, Bash, or Go) and querying BigQuery for cost/performance analysis.
Certifications (Preferred):
- Google Cloud Professional Cloud Architect
- Google Cloud Professional Network Engineer
- Google Cloud Professional Security Engineer
- HashiCorp Certified: Terraform Associate
Soft Skills:
- Ability to dissect RFCs or Google Cloud Platform whitepapers and translate them into actionable designs.
- Strong communication skills to whiteboard complex architectures for CTOs or debug live with SREs.
- Comfortable leading under pressure, e.g., resolving P1 outages tied to misconfigured firewall rules or IAM deny policies.
Location & Availability:
- Hybrid role with regular in-office presence at Glenview, IL (e.g., 2-3 days/week).
- Willingness to join on-call rotations or travel for client engagements (<20% travel).