Job Summary:
We are seeking a highly skilled and experienced GCP Security Lead to take ownership of the security posture of our Google Cloud Platform environments. You will be responsible for defining, implementing, and monitoring security controls, ensuring compliance with industry standards, and driving security best practices across our cloud infrastructure.
Key Responsibilities:
Cloud Security Architecture:
Design, implement, and maintain security architecture for workloads and services deployed on GCP.
Security Governance & Compliance:
Ensure adherence to regulatory requirements (e.g., ISO 27001, SOC 2, HIPAA, GDPR) and internal policies through automation and controls.
Identity & Access Management:
Oversee IAM policies, service accounts, roles, and permissions to enforce least privilege and zero trust principles.
Threat Detection & Response:
Deploy and manage GCP-native security tools such as Security Command Center, Chronicle, Event Threat Detection, and integrate with SIEM/SOAR platforms.
DevSecOps Integration:
Embed security in CI/CD pipelines, work with DevOps teams to ensure secure code, image scanning, and infrastructure as code (IaC) security checks.
Vulnerability & Risk Management:
Continuously assess risks, conduct vulnerability scans, and collaborate with engineering teams to remediate issues.
Logging & Monitoring:
Implement and manage centralized logging, audit trails, and real-time alerting using GCP-native tools and third-party solutions.
Security Awareness & Collaboration:
Work closely with development, infrastructure, and product teams to evangelize cloud security best practices and conduct periodic training.
Required Qualifications:
Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
6+ years of experience in cybersecurity with at least 3+ years in GCP security-focused roles.
Deep understanding of GCP services (Compute Engine, GKE, Cloud Storage, BigQuery, VPC, Cloud Armor, etc.).
Hands-on experience with GCP Security Command Center, IAM, KMS, DLP, and logging tools.
Proficiency in scripting or automation (Python, Terraform, Bash, etc.).
Experience with security frameworks (NIST, CIS Benchmarks, etc.).
Strong analytical and problem-solving skills.
Preferred Qualifications:
GCP certifications such as:
Professional Cloud Security Engineer
Professional Cloud Architect
Experience with multi-cloud or hybrid cloud environments.
Familiarity with containers and Kubernetes (especially GKE security).
Experience with security incident response in cloud environments.
