We're looking for a GCP Cloud Security Engineeris who will be responsible for ensuring the security of cloud-based systems and applications on the Google Cloud Platform (GCP). Here are roles and responsibilities:
1. *Security Integration*: Embed security practices into the CI/CD pipeline, ensuring security is a core component of software development
2. *Vulnerability Management*: Conduct regular security assessments, vulnerability scans, and penetration testing on GCP resources to identify and mitigate security
3. *Infrastructure as Code (IaC)*: Develop and maintain secure IaC templates (e.g., Terraform, Cloud Deployment Manager) to automate provisioning and configuration of GCP resources
4. *Monitoring and Logging*: Implement security monitoring and logging solutions using tools like Google Cloud Security Command Center and Stack driver to detect and respond to threats
5. *Incident Response*: Collaborate with incident response teams to investigate and remediate security incidents in GCP environments
6. *Access Control*: Manage and enforce identity and access management (IAM) policies, ensuring least privilege access across GCP services
7. *Compliance Assurance*: Ensure compliance with relevant security standards and frameworks (e.g., CIS, NIST) within GCP
8. *Security Awareness*: Provide training and support to development and operations teams on security best practices and secure coding techniques
*Qualifications*:
- 3+ years of experience in infra and information security with a focus on cloud security, preferably in GCP
- Strong knowledge of GCP security services, including IAM, VPC, Cloud Armor, and Data Loss Prevention.
- Proficiency in scripting and automation using languages such as Python, Bash, YAML.
- Experience with container security (e.g., Docker, Cloud Run) and CI/CD tools.
- Relevant certifications (e.g., Google Cloud Professional Cloud Security Engineer preferred).