| Job Title: Platform Compliance & Security Engineer |
| Function: Platform Compliance & Security |
| Primary Skillset: Google Cloud Platform, Python, Terraform, Security |
| Secondary Skillset: Encryption/Decryption, Security Command Center, Data Protection, Data Sensitivity, Data Categorization, Key Management |
| |
| Job Summary |
| We are looking for a Platform Compliance & Security Engineer to drive security governance, data protection, and regulatory compliance across Google Cloud Platform environments. This role combines deep Google Cloud Platform security expertise with hands-on proficiency in Python, Terraform, and cloud-native security tooling to implement robust controls across encryption, key management, and data classification frameworks. The ideal candidate will work closely with data, platform, and engineering teams to enforce security policies, manage sensitive data lifecycles, and ensure continuous compliance with industry standards such as ISO 27001, SOC 2, PCI-DSS, and GDPR, all while maintaining operational agility on Google Cloud. |
| |
| Key Responsibilities |
| |
| Define, implement, and enforce cloud security policies across Google Cloud Platform using Organization Policies, IAM constraints, and VPC Service Controls to ensure consistent compliance posture across all projects and environments. |
| Design and manage encryption strategies for data at rest and in transit using Google Cloud KMS, Customer-Managed Encryption Keys (CMEK), and Customer-Supplied Encryption Keys (CSEK), ensuring adherence to key rotation and lifecycle policies. |
| Operate and configure Google Cloud Platform Security Command Center to identify threats, misconfigurations, and vulnerabilities across the platform; triage findings and drive remediation workflows with relevant engineering teams. |
| Implement data protection controls using Cloud DLP (Data Loss Prevention) APIs to detect, classify, and redact sensitive information (PII, PCI, PHI) across Google Cloud Platform storage, databases, and data pipelines. |
| Establish and maintain enterprise-wide data classification taxonomy (Public, Internal, Confidential, Restricted), tag Google Cloud Platform resources accordingly, and automate classification enforcement through Python-based tooling and Terraform. |
| Continuously monitor Google Cloud Platform environments for compliance against frameworks such as CIS Google Cloud Platform Benchmarks, NIST, ISO 27001, and SOC 2, generating audit-ready reports and evidence packages using Cloud Audit Logs and SCC findings. |
| Embed security controls into Terraform IaC templates by enforcing secure defaults, conducting static analysis with tools like tfsec or Checkov, and integrating security gates into CI/CD pipelines. |
| Design and govern least-privilege IAM architectures across Google Cloud Platform, manage service account hygiene, implement Workload Identity Federation, and enforce just-in-time access patterns for privileged operations. |
| Coordinate vulnerability assessments, manage Container Vulnerability Scanning (Artifact Registry), and lead threat modeling exercises for new platform capabilities to proactively address security risks. |
| Lead security incident response activities for Google Cloud Platform-hosted workloads, conduct forensic investigation using Cloud Logging and Chronicle, and drive post-incident reviews to improve platform security controls. |
| Develop Python-based automation scripts and Cloud Functions (the Google Cloud equivalent of AWS Lambda) to auto-remediate policy violations, enforce compliance guardrails, and generate real-time security dashboards for stakeholders. |
| Liaise with compliance, legal, and external auditors to support regulatory assessments, manage third-party security reviews of Google Cloud Platform environments, and maintain up-to-date documentation of security controls and risk registers. |
| |
| Must-Have Skills |
| Deep hands-on experience with Google Cloud Platform security services including Cloud KMS, Security Command Center, Cloud DLP, VPC Service Controls, Cloud Armor, Binary Authorization, and Chronicle. |
| Strong Python skills applied to security automation: writing scripts for compliance checks, DLP policy enforcement, and auto-remediation, and integrating Google Cloud Platform APIs for security event processing. |
| Proven ability to write secure Terraform configurations, enforce security policies via code, and integrate static analysis tools (tfsec, Checkov) into CI/CD pipelines for Google Cloud Platform deployments. |
| In-depth knowledge of symmetric/asymmetric encryption, Google Cloud Platform Cloud KMS key hierarchies, CMEK/CSEK implementation, envelope encryption patterns, and HSM-backed key operations. |
| Hands-on experience with Cloud DLP for sensitive data discovery, classification schema design (PII/PCI/PHI), data masking/tokenization techniques, and enforcement of data handling policies. |
| Working knowledge of CIS Google Cloud Platform Benchmarks, NIST 800-53, ISO 27001, SOC 2 Type II, PCI-DSS, and GDPR requirements as they apply to cloud infrastructure and data management practices. |
| Expertise in Google Cloud Platform IAM design, service account management, Workload Identity Federation, Organization Policy constraints, and implementing least-privilege access models at scale. |