Job Details

Home

Senior GCP Security Engineer (DevSecOps) Senior GCP Security Engineer (DevSecOps) at Minneapolis, Minnesota, USA

Job Title: Senior GCP Security Engineer (DevSecOps)

Location: Minneapolis, MN(Preferred), Candidate from nearby states is fine but should be happy to travel at their own expense when called in office.

Job Summary
: We are looking for an experienced Senior GCP Security Engineer (DevSecOps) to lead and drive security initiatives across our cloud environment. This senior-level role will
focus on integrating security into the entire development and operational lifecycle, bridging the gap between Security Analysts, Architects, Developers, and Platform Engineers. The ideal candidate is a subject matter expert in GCP security, with a strong foundation
in DevOps practices, and can implement cutting-edge security solutions across cloud infrastructure. You will play a key role in ensuring our GCP environment is secure, scalable, and compliant with industry standards.

Key Responsibilities:

Security Leadership: Lead security design and architecture reviews for GCP environments, ensuring security is embedded at all layers of the infrastructure.

o Define and implement security standards for GCP infrastructure, including network segmentation, firewall rules, and secure configurations for compute, storage, and database services.

o Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies.

o Establish and maintain security baselines for GCP resources

Strategic Collaboration: Partner with security architects, developers, and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure.

o Work closely with development teams to integrate security testing into the software development lifecycle (SDLC).

o Collaborate with operations teams to implement security monitoring and incident response processes.

o Provide guidance to architects and engineers on secure cloud design patterns and best practices.

Advanced Cloud Security: Develop and enhance security controls in GCP, including identity and access management (IAM), encryption strategies, and cloud security posture management (CSPM).

DevSecOps Advocacy: Champion the integration of security automation tools (SAST, DAST, IaC scanning) into CI/CD pipelines, ensuring proactive identification and remediation of vulnerabilities.

Security Automation: Build and maintain automated security tooling for cloud infrastructure, using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations.

Incident Response & Threat Hunting: Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in GCP.

o Develop and implement security incident response plans for GCP environments.

o Proactively hunt for threats and vulnerabilities in GCP using threat intelligence and security analytics platforms.

o Shift notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage.

Compliance & Risk Management: Ensure adherence to security frameworks (SOC 2, ISO 27001, NIST, etc.) and assist with cloud governance, risk, and compliance initiatives.

o Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g., SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, CCPA).

o Develop and maintain a risk register for GCP environments, identifying and prioritizing security risks.

Monitoring & Threat Detection: Partner with Infosec on implementation and managing security monitoring, logging, and alerting mechanisms across GCP, leveraging native services and third-party tools for continuous security
visibility.

Continuous Security Improvement: Lead eZorts to continuously evaluate and improve platform security practices in response to emerging threats, evolving technologies, and industry trends.

o Stay abreast of emerging security threats, vulnerabilities, and best practices in the cloud security domain.

o Research and evaluate new security technologies and tools to enhance the security posture of GCP environments.

o Contribute to the development of security policies and standards for the organization.

Required Skills & Qualifications:

Experience: 7+ years of experience in cloud security engineering, with at least 3 years focused on GCP. 3+ years experience with Terraform.

Certifications: GCP Professional Cloud Security Engineer certification is required. Additional certifications such as GCP Professional Cloud Architect, Certified Kubernetes Security Specialist (CNCF), or CISSP are
highly preferred.

DevSecOps Expertise: Strong experience with integrating security within CI/CD pipelines using tools like Jenkins, GitLab, CircleCI, or similar.

Cloud Security Mastery: Deep expertise in GCP services such as IAM, KMS, VPC, Cloud Security Command Center, and security best practices for GCP-native services.

Automation & IaC: Proficiency with Infrastructure as Code tools (Terraform) and cloud security automation. Programming & Scripting: Advanced proficiency in languages like Python, Bash, or similar for automating security
tasks and orchestrating security processes.

Security Tools & Frameworks: Hands-on experience with security tools like SAST, DAST, vulnerability scanning, and container security. Familiarity with frameworks such as OWASP, NIST, and CIS.

Soft Skills: Excellent communication and leadership skills, with the ability to work across technical and non-technical teams to implement security strategies.

Preferred Qualifications:

Expertise with containerization and orchestration technologies (Docker, Kubernetes), including security measures for microservices and containerized applications.

Experience using a Internal Developer Platform (Humanitec) to orchestrate workloads. Deleted: , CloudFormation

Experience in Zero Trust security models and GCP implementation strategies.

Knowledge of security compliance frameworks (SOC 2, HIPAA, PCI-DSS) and GCP compliance services.

Thank you,

Anil

Team Lead || Agile

Squad
Inc
.

Phone
:

(609) 250-0141

Site
:

www.agilesquadinc.com

Email
:

[email protected]

Gmail
:

[email protected]

CONFIDENTIALITY NOTICE
:
The
information contained in this communication from Agile Squad Inc is privileged and confidential and is intended for the sole use of the persons or entities who are the addressees. If you are not an intended recipient of this email, the dissemination, distribution,
copying or use of the information it contains is strictly prohibited. If you have received this communication in error, please immediately contact the sender.

--

Keywords: continuous integration continuous deployment information technology Minnesota
Senior GCP Security Engineer (DevSecOps) Senior GCP Security Engineer (DevSecOps)
[email protected]

[email protected]
View All

02:00 AM 15-Oct-24

To remove this job post send "job_kill 1840851" as subject from [email protected] to [email protected]. Do not write anything extra in the subject line as this is a automatic system which will not work otherwise.

Your reply to [email protected] -

To

Subject
Message -

anil@agilesquadinc.com wrote:
Job Title: Senior GCP Security Engineer (DevSecOps)

Location: Minneapolis, MN(Preferred), Candidate from nearby states is fine but should be happy to travel at their own expense when called in office.

Job Summary
: We are looking for an experienced Senior GCP Security Engineer (DevSecOps) to lead and drive security initiatives across our cloud environment. This senior-level role will
 focus on integrating security into the entire development and operational lifecycle, bridging the gap between Security Analysts, Architects, Developers, and Platform Engineers. The ideal candidate is a subject matter expert in GCP security, with a strong foundation
 in DevOps practices, and can implement cutting-edge security solutions across cloud infrastructure. You will play a key role in ensuring our GCP environment is secure, scalable, and compliant with industry standards.

Key Responsibilities:

Security Leadership: Lead security design and architecture reviews for GCP environments, ensuring security is embedded at all layers of the infrastructure.

o Define and implement security standards for GCP infrastructure, including network segmentation, firewall rules, and secure configurations for compute, storage, and database services.

o Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies.

o Establish and maintain security baselines for GCP resources

Strategic Collaboration: Partner with security architects, developers, and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure.

o Work closely with development teams to integrate security testing into the software development lifecycle (SDLC).

o Collaborate with operations teams to implement security monitoring and incident response processes.

o Provide guidance to architects and engineers on secure cloud design patterns and best practices.

Advanced Cloud Security: Develop and enhance security controls in GCP, including identity and access management (IAM), encryption strategies, and cloud security posture management (CSPM).

DevSecOps Advocacy: Champion the integration of security automation tools (SAST, DAST, IaC scanning) into CI/CD pipelines, ensuring proactive identification and remediation of vulnerabilities.

Security Automation: Build and maintain automated security tooling for cloud infrastructure, using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations.

Incident Response & Threat Hunting: Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in GCP.

o Develop and implement security incident response plans for GCP environments.

o Proactively hunt for threats and vulnerabilities in GCP using threat intelligence and security analytics platforms.

o Shift notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage.

Compliance & Risk Management: Ensure adherence to security frameworks (SOC 2, ISO 27001, NIST, etc.) and assist with cloud governance, risk, and compliance initiatives.

o Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g., SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, CCPA).

o Develop and maintain a risk register for GCP environments, identifying and prioritizing security risks.

Monitoring & Threat Detection: Partner with Infosec on implementation and managing security monitoring, logging, and alerting mechanisms across GCP, leveraging native services and third-party tools for continuous security
 visibility.

Continuous Security Improvement: Lead eZorts to continuously evaluate and improve platform security practices in response to emerging threats, evolving technologies, and industry trends.

o Stay abreast of emerging security threats, vulnerabilities, and best practices in the cloud security domain.

o Research and evaluate new security technologies and tools to enhance the security posture of GCP environments.

o Contribute to the development of security policies and standards for the organization.

Required Skills & Qualifications:

Experience: 7+ years of experience in cloud security engineering, with at least 3 years focused on GCP. 3+ years experience with Terraform.

Certifications: GCP Professional Cloud Security Engineer certification is required. Additional certifications such as GCP Professional Cloud Architect, Certified Kubernetes Security Specialist (CNCF), or CISSP are
 highly preferred.

DevSecOps Expertise: Strong experience with integrating security within CI/CD pipelines using tools like Jenkins, GitLab, CircleCI, or similar.

Cloud Security Mastery: Deep expertise in GCP services such as IAM, KMS, VPC, Cloud Security Command Center, and security best practices for GCP-native services.

Automation & IaC: Proficiency with Infrastructure as Code tools (Terraform) and cloud security automation. Programming & Scripting: Advanced proficiency in languages like Python, Bash, or similar for automating security
 tasks and orchestrating security processes.

Security Tools & Frameworks: Hands-on experience with security tools like SAST, DAST, vulnerability scanning, and container security. Familiarity with frameworks such as OWASP, NIST, and CIS.

Soft Skills: Excellent communication and leadership skills, with the ability to work across technical and non-technical teams to implement security strategies.

Preferred Qualifications:

Expertise with containerization and orchestration technologies (Docker, Kubernetes), including security measures for microservices and containerized applications.

Experience using a Internal Developer Platform (Humanitec) to orchestrate workloads. Deleted: , CloudFormation

Experience in Zero Trust security models and GCP implementation strategies.

Knowledge of security compliance frameworks (SOC 2, HIPAA, PCI-DSS) and GCP compliance services.

Thank you,

Anil

Team Lead || Agile

Squad
 Inc
.

Phone
:

(609) 250-0141

Site
:

www.agilesquadinc.com

Email
:

anil@agilesquadinc.com

Gmail
:

anilwork948@gmail.com

CONFIDENTIALITY NOTICE
: 
The
 information contained in this communication from Agile Squad Inc is privileged and confidential and is intended for the sole use of the persons or entities who are the addressees. If you are not an intended recipient of this email, the dissemination, distribution,
 copying or use of the information it contains is strictly prohibited. If you have received this communication in error, please immediately contact the sender.

Keywords: continuous integration continuous deployment information technology Minnesota 
Senior GCP Security Engineer (DevSecOps) Senior GCP Security Engineer (DevSecOps)
anil@agilesquadinc.com

Your email id:

Captcha Image:

Captcha Code:

Pages not loading, taking too much time to load, server timeout or unavailable, or any other issues please contact admin at [email protected]

Time Taken: 8

Location: Minneapolis, Minnesota