Cloud Engineer: Google Cloud Platform Network, Security, and GenAI
Position Overview & Mission
Reporting directly to the Head of Cloud Infrastructure, the Principal Cloud Engineer is responsible for executing the "FY26 Google Cloud Platform Mandate." Following our Strategic Agreement with Google Cloud Platform, this role drives the hands-on implementation required to accelerate Generative AI capabilities by year-end. You will serve as the lead engineer translating architectural direction into scalable, secure, and production-ready systems, balancing aggressive "Speed to Value" with "Secure by Default" principles across the Google Cloud Platform Foundation. This is a highly execution-focused role where you will build, deploy, and optimize cloud infrastructure and services that protect enterprise data while enabling advanced Agentic AI workflows.
Core Responsibilities: Enterprise Cloud Networking
You will manage a complex, global network topology based on the "VPC Service Controls Strategy," ensuring strict isolation between core foundations and legacy assets.
Topology Management: Enforce a strict Hub-and-Spoke network topology. You will standardize the naming convention across all environments: 0p (Production), 0n (Non-Production), 0d (Dev), 0s (Stage), and 0t (Test).
Perimeter Defense: Design and validate VPC Service Controls (VPC-SC) to prevent data exfiltration.
Traffic Security: Standardize SSL Policies using the RESTRICTED profile and a minimum of TLS 1.2 across all Load Balancer proxies (e.g., admin-api-https-proxy, braze-proxy-htts-proxy).
Firewall Governance: Implement Hierarchical Firewall Policies at the Organization level to enforce a "deny-all outbound" default posture.
Hybrid Connectivity: Validate and enforce Partner Interconnect encrypted VLAN attachments for all traffic traversing from on-premise to Google Cloud Platform.
5. Technical Qualifications & Tech Stack Expertise
IaC Mastery: Expert-level Terraform for provisioning projects, hierarchical labels, and Model Armor floor settings (using google_model_armor_floorsetting).
Networking experience and building out VPC
Security Tooling: Hands-on experience with Google Cloud Armor, Cloud KMS Autokey, VPC Service Controls, and Security Command Center (SCC).
Confidential Computing: Expertise in Confidential VMs (AMD SEV-SNP) for GKE nodes and Compute instances processing sensitive models or PII.
Data Architecture: High familiarity with BigQuery, AlloyDB, and Dataplex aspect types for metadata and classification.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: cxbcsi
- Position Id: Job43647
- Posted 30+ days ago
Never miss an opportunity! Create an alert based on the job you applied for.
