Google Cloud Platform Security Engineer - Vulnerability Assessment (5-11 yrs)

We are looking for a GCP Security Engineer to design, implement, and manage security controls in Google Cloud environments. The ideal candidate will have experience securing GCP workloads, IAM, networking, compliance, and DevSecOps processes.

Key Responsibilities :

- Implement and maintain GCP security best practices across IAM, networking, and data security.

- Configure GCP IAM policies, service accounts, and least privilege access.

- Secure GCP networking using VPC Service Controls, Cloud Armor, Firewall rules, and private connectivity.

- Integrate GCP Security Command Center, Chronicle SIEM, Forseti Security, and SCC alerts into security operations.

- Automate security testing in CI/CD pipelines using security tools like SAST, DAST, and vulnerability scanning.

- Implement encryption (Cloud KMS, CMEK), DLP, and secrets management best practices.

- Perform container security assessments for Kubernetes (GKE) and serverless workloads.

- Ensure compliance with security standards (CIS GCP Benchmark, NIST, ISO 27001, SOC 2).

- Monitor and respond to threats and incidents using GCP security tools like Cloud Audit Logs, Google Security Command Center, and Chronicle.

- Work with DevOps and security teams to establish DevSecOps principles and security automation.

Required Skills & Qualifications :

- 3+ years of experience in cloud security, DevSecOps, or GCP security engineering.

- Hands-on expertise with GCP security services (IAM, Cloud Security Scanner, Forseti, Cloud KMS).

- Strong knowledge of GCP networking security (VPC, Firewall, Cloud Armor, Identity-Aware Proxy).

- Experience with Infrastructure as Code (Terraform, Deployment Manager) for security automation.

- Familiarity with SOC 2, NIST, CIS, ISO 27001, GDPR, and compliance frameworks.

- CI/CD security experience (Jenkins, GitHub Actions, GitLab CI, Cloud Build security).

- Strong Python, Bash, or Terraform scripting for security automation.

- Knowledge of SIEM, SOAR, and Incident Response in GCP.

- Google Cloud security certification (Google Professional Cloud Security Engineer) is a plus.

Nice to Have :

- Experience with Zero Trust Security (BeyondCorp Enterprise, IAP, Identity-Aware Proxy).

- Hands-on knowledge of Kubernetes (GKE) and container security tools (Aqua, Prisma Cloud, Kube-bench).

- Exposure to API security and Web Application Firewalls (Cloud Armor, Apigee Security).