| Remote Hiring : Senior GCP Security Engineer (DevSecOps) at Minneapolis, MN at Minneapolis, Minnesota, USA |
| Email: [email protected] |
| From: Somesh Gupta, KK Software Associates [email protected] Reply to: [email protected] Hello, Hope you are doing well ! Please let me know if you are interested Role : Senior GCP Security Engineer (DevSecOps) Locations : Minneapolis, MN (Remote) Duration: Long- Term Contract Job Description: Job Summary: We are looking for an experienced Senior GCP Security Engineer (DevSecOps) to lead and drive security initiatives across our cloud environment. This senior-level role will focus on integrating security into the entire development and operational lifecycle, bridging the gap between Security Analysts, Architects, Developers, and Platform Engineers. The ideal candidate is a subject matter expert in GCP security, with a strong foundation in DevOps practices, and can implement cutting-edge security solutions across cloud infrastructure. You will play a key role in ensuring our GCP environment is secure, scalable, and compliant with industry standards. Key Responsibilities: Security Leadership: Lead security design and architecture reviews for GCP environments, ensuring security is embedded at all layers of the infrastructure. o Define and implement security standards for GCP infrastructure, including network segmentation, firewall rules, and secure configurations for compute, storage, and database services. o Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies. o Establish and maintain security baselines for GCP resources Strategic Collaboration: Partner with security architects, developers, and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure. o Work closely with development teams to integrate security testing into the software development lifecycle (SDLC). o Collaborate with operations teams to implement security monitoring and incident response processes. o Provide guidance to architects and engineers on secure cloud design patterns and best practices. Advanced Cloud Security: Develop and enhance security controls in GCP, including identity and access management (IAM), encryption strategies, and cloud security posture management (CSPM). DevSecOps Advocacy: Champion the integration of security automation tools (SAST, DAST, IaC scanning) into CI/CD pipelines, ensuring proactive identification and remediation of vulnerabilities. Security Automation: Build and maintain automated security tooling for cloud infrastructure, using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations. Incident Response & Threat Hunting: Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in GCP. o Develop and implement security incident response plans for GCP environments. o Proactively hunt for threats and vulnerabilities in GCP using threat intelligence and security analytics platforms. o Shift notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage. Compliance & Risk Management: Ensure adherence to security frameworks (SOC 2, ISO 27001, NIST, etc.) and assist with cloud governance, risk, and compliance initiatives. o Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g., SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, CCPA). o Develop and maintain a risk register for GCP environments, identifying and prioritizing security risks. Monitoring & Threat Detection: Partner with Infosec on implementation and managing security monitoring, logging, and alerting mechanisms across GCP, leveraging native services and third-party tools for continuous security visibility. Continuous Security Improvement: Lead eZorts to continuously evaluate and improve platform security practices in response to emerging threats, evolving technologies, and industry trends. o Stay abreast of emerging security threats, vulnerabilities, and best practices in the cloud security domain. o Research and evaluate new security technologies and tools to enhance the security posture of GCP environments. o Contribute to the development of security policies and standards for the organization. Required Skills & Qualifications: Experience: 7+ years of experience in cloud security engineering, with at least 3 years focused on GCP. 3+ years experience with Terraform. Certifications: GCP Professional Cloud Security Engineer certification is required. Additional certifications such as GCP Professional Cloud Architect, Certified Kubernetes Security Specialist (CNCF), or CISSP are highly preferred. DevSecOps Expertise: Strong experience with integrating security within CI/CD pipelines using tools like Jenkins, GitLab, CircleCI, or similar. Cloud Security Mastery: Deep expertise in GCP services such as IAM, KMS, VPC, Cloud Security Command Center, and security best practices for GCP-native services. Automation & IaC: Proficiency with Infrastructure as Code tools (Terraform) and cloud security automation. Programming & Scripting: Advanced proficiency in languages like Python, Bash, or similar for automating security tasks and orchestrating security processes. Security Tools & Frameworks: Hands-on experience with security tools like SAST, DAST, vulnerability scanning, and container security. Familiarity with frameworks such as OWASP, NIST, and CIS. Soft Skills: Excellent communication and leadership skills, with the ability to work across technical and non-technical teams to implement security strategies. Preferred Qualifications: Expertise with containerization and orchestration technologies (Docker, Kubernetes), including security measures for microservices and containerized applications. Experience using a Internal Developer Platform (Humanitec) to orchestrate workloads. Deleted: , CloudFormation Experience in Zero Trust security models and GCP implementation strategies. Knowledge of security compliance frameworks (SOC 2, HIPAA, PCI-DSS) and GCP compliance services. Regards, Somesh Gupta | Technical Recruiter KK Associates LLC. 8751 Collin McKinney Pkwy, # 1302, McKinney, TX 75070 555 Metro Place North, Suite # 100, Dublin, OH 43017 Keywords: continuous integration continuous deployment Minnesota Ohio Texas Remote Hiring : Senior GCP Security Engineer (DevSecOps) at Minneapolis, MN [email protected] |
| [email protected] View all |
| Fri Oct 18 03:48:00 UTC 2024 |