Job Title: GCP Security SecDevOps Engineer Location: Onsite: 3 days a week NYC, NY or Alpharetta, GA Rate: DOE Duration : 06 Months plus contract

Position Overview: We are seeking a highly skilled GCP Security SecDevOps Engineer to join our dynamic team and strengthen our security posture across our Google Cloud Platform (GCP) environment. In this critical role, you will collaborate closely with development and operations teams to seamlessly integrate security practices into the DevOps pipeline. Your expertise in cloud security, automation, and DevOps processes will help ensure the secure design, deployment, and management of cloud-native applications and infrastructure.

Key Responsibilities: Security Integration in DevOps: Collaborate with Development and Operations teams to embed security practices (SecDevOps) throughout the software development lifecycle (SDLC). Cloud Security Architecture: Design, implement, and continuously improve cloud security solutions for GCP-hosted applications and infrastructure. Automation and CI/CD Security: Automate security checks within the CI/CD pipeline to ensure the safe deployment of cloud applications. Incident Response & Monitoring: Monitor GCP resources for potential security threats, vulnerabilities, and breaches, and lead incident response efforts as needed. Vulnerability Management: Conduct regular vulnerability assessments and work with teams to remediate any discovered issues. Compliance and Best Practices: Ensure cloud infrastructure is compliant with relevant security policies, regulations, and industry best practices (e.g., NIST, CIS benchmarks). Cloud Infrastructure Security: Secure the architecture of cloud-native services such as Kubernetes, GKE, IAM, and other GCP services. Security Automation & Scripting: Write and maintain scripts (using tools such as Terraform, CloudFormation, or Python) to automate security tasks and workflows within the cloud environment.

Required Qualifications: Experience: 3+ years of hands-on experience with Google Cloud Platform (GCP) security and SecDevOps practices. Proven expertise in integrating security controls into CI/CD pipelines . Familiarity with Cloud Security Posture Management (CSPM) tools and practices.

Technical Skills: Strong knowledge of GCP services such as IAM, Kubernetes Engine (GKE), Cloud Storage, Pub/Sub, and BigQuery. Experience with security tools such as Google Cloud Security Command Center, Cloud Identity, and Security Health Analytics. Proficiency in automation tools (e.g., Terraform, Ansible, Jenkins) and Scripting (Python, Shell).

Security Practices & Frameworks: Familiar with security frameworks such as CIS Benchmarks , NIST , and OWASP . Experience in implementing identity and access management (IAM) in cloud environments.

Incident Response & Threat Hunting: Ability to analyze and respond to security incidents in real-time, identifying root causes and remediating threats.

Collaboration & Communication: Strong team player with the ability to collaborate cross-functionally with engineering, operations, and security teams. Ability to explain complex security concepts to non-technical stakeholders.

Preferred Qualifications: Experience with Kubernetes and container security. GCP certifications (e.g., Professional Cloud Security Engineer, Associate Cloud Engineer). Familiarity with Cloud-native security tools such as Prisma Cloud, Aqua Security, or similar.