Senior GCP Security Engineer (DevSecOps) :: remote with Travel at Minneapolis, Minnesota, USA
Email: [email protected]
From: Deeksha Rawat, kk Software Associates LLC [email protected]
Reply to: [email protected]

Job Title: Senior GCP Security Engineer (DevSecOps)
Location: Minneapolis, MN (Preferred). Candidates from nearby states are fine but should be happy to travel at their own expense when called into the office.
Duration: 12+ Months

Job Summary:
We are looking for an experienced Senior GCP Security Engineer (DevSecOps) to lead and drive security initiatives across our cloud environment. This senior-level role will focus on integrating security into the entire development and operational lifecycle, bridging the gap between Security Analysts, Architects, Developers, and Platform Engineers. The ideal candidate is a subject matter expert in GCP security, with a strong foundation in DevOps practices, and can implement cutting-edge security solutions across cloud infrastructure. You will play a key role in ensuring our GCP environment is secure, scalable, and compliant with industry standards.

Key Responsibilities:

Security Leadership: Lead security design and architecture reviews for GCP environments, ensuring security is embedded at all layers of the infrastructure.
o Define and implement security standards for GCP infrastructure, including network segmentation, firewall rules, and secure configurations for compute, storage, and database services.
o Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies.
o Establish and maintain security baselines for GCP resources.

Strategic Collaboration: Partner with security architects, developers, and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure.
o Work closely with development teams to integrate security testing into the software development lifecycle (SDLC).
o Collaborate with operations teams to implement security monitoring and incident response processes.
o Provide guidance to architects and engineers on secure cloud design patterns and best practices.

Advanced Cloud Security: Develop and enhance security controls in GCP, including identity and access management (IAM), encryption strategies, and cloud security posture management (CSPM).

DevSecOps Advocacy: Champion the integration of security automation tools (SAST, DAST, IaC scanning) into CI/CD pipelines, ensuring proactive identification and remediation of vulnerabilities.

Security Automation: Build and maintain automated security tooling for cloud infrastructure, using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations.

Incident Response & Threat Hunting: Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in GCP.
o Develop and implement security incident response plans for GCP environments.
o Proactively hunt for threats and vulnerabilities in GCP using threat intelligence and security analytics platforms.
o Shift notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage.

Compliance & Risk Management: Ensure adherence to security frameworks (SOC 2, ISO 27001, NIST, etc.) and assist with cloud governance, risk, and compliance initiatives.
o Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g., SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, CCPA).
o Develop and maintain a risk register for GCP environments, identifying and prioritizing security risks.

Monitoring & Threat Detection: Partner with Infosec on implementing and managing security monitoring, logging, and alerting mechanisms across GCP, leveraging native services and third-party tools for continuous security visibility.

Continuous Security Improvement: Lead efforts to continuously evaluate and improve platform security practices in response to emerging threats, evolving technologies, and industry trends.
o Stay abreast of emerging security threats, vulnerabilities, and best practices in the cloud security domain.
o Research and evaluate new security technologies and tools to enhance the security posture of GCP environments.
o Contribute to the development of security policies and standards for the organization.

Required Skills & Qualifications:

Experience: 7+ years of experience in cloud security engineering, with at least 3 years focused on GCP. 3+ years of experience with Terraform.

Certifications: GCP Professional Cloud Security Engineer certification is required. Additional certifications such as GCP Professional Cloud Architect, Certified Kubernetes Security Specialist (CNCF), or CISSP are highly preferred.

DevSecOps Expertise: Strong experience with integrating security within CI/CD pipelines using tools like Jenkins, GitLab, CircleCI, or similar.

Cloud Security Mastery: Deep expertise in GCP services such as IAM, KMS, VPC, Cloud Security Command Center, and security best practices for GCP-native services.

Automation & IaC: Proficiency with Infrastructure as Code tools (Terraform) and cloud security automation.

Programming & Scripting: Advanced proficiency in languages like Python, Bash, or similar for automating security tasks and orchestrating security processes.

Security Tools & Frameworks: Hands-on experience with security tools like SAST, DAST, vulnerability scanning, and container security. Familiarity with frameworks such as OWASP, NIST, and CIS.

Soft Skills: Excellent communication and leadership skills, with the ability to work across technical and non-technical teams to implement security strategies.

Preferred Qualifications:

Expertise with containerization and orchestration technologies (Docker, Kubernetes), including security measures for microservices and containerized applications.

Experience using an Internal Developer Platform (Humanitec) to orchestrate workloads.

Experience in Zero Trust security models and GCP implementation strategies.

Knowledge of security compliance frameworks (SOC 2, HIPAA, PCI-DSS) and GCP compliance services.
Tue Oct 15 04:13:00 UTC 2024