Sr. Google Cloud Platform Security Engineer (DevSecOps)
@
Tech Miners LLC
Techminers has been focused on the development of service models that leverage defined processes and performance metrics in order to maximize visibility, control and productivity. Each of Techminers offerings enables customers to concentrate on their core competencies while preserving customer control over the IT function.
AWS
Azure
GCP
Kubernetes
Terraform
Docker
Tech Miners LLC
Techminers has been focused on the development of service models that leverage defined processes and performance metrics in order to maximize visibility, control and productivity. Each of Techminers offerings enables customers to concentrate on their core competencies while preserving customer control over the IT function.
Key Responsibilities:
- Security Leadership: Lead security design and architecture reviews for Google Cloud Platform environments, ensuring security is embedded at all layers of the infrastructure.
- Define and implement security standards for Google Cloud Platform infrastructure, including network segmentation, firewall rules, and secure configurations for compute, storage, and database services.
- Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies.
- Establish and maintain security baselines for Google Cloud Platform resources
- Strategic Collaboration: Partner with security architects, developers, and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure.
- Work closely with development teams to integrate security testing into the software development lifecycle (SDLC).
- Collaborate with operations teams to implement security monitoring and incident response processes.
- Provide guidance to architects and engineers on secure cloud design patterns and best practices.
- Advanced Cloud Security: Develop and enhance security controls in Google Cloud Platform, including identity and access management (IAM), encryption strategies, and cloud security posture management (CSPM).
- DevSecOps Advocacy: Champion the integration of security automation tools (SAST, DAST, IaC scanning) into CI/CD pipelines, ensuring proactive identification and remediation of vulnerabilities.
- Security Automation: Build and maintain automated security tooling for cloud infrastructure, using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations.
- Incident Response & Threat Hunting: Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in Google Cloud Platform.
- Develop and implement security incident response plans for Google Cloud Platform environments.
- Proactively hunt for threats and vulnerabilities in Google Cloud Platform using threat intelligence and security analytics platforms.
- “Shift” notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage.
- Compliance & Risk Management: Ensure adherence to security frameworks (SOC 2, ISO 27001, NIST, etc.) and assist with cloud governance, risk, and compliance initiatives.
- Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g., SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, CCPA).
- Develop and maintain a risk register for Google Cloud Platform environments, identifying and prioritizing security risks.
- Monitoring & Threat Detection: Partner with Infosec on implementation and managing security monitoring, logging, and alerting mechanisms across Google Cloud Platform, leveraging native services and third-party tools for continuous security visibility.
- Continuous Security Improvement: Lead eZorts to continuously evaluate and improve platform security practices in response to emerging threats, evolving technologies, and industry trends.
- Stay abreast of emerging security threats, vulnerabilities, and best practices in the cloud security domain.
- Research and evaluate new security technologies and tools to enhance the security posture of Google Cloud Platform environments.
- Contribute to the development of security policies and standards for the organization.
Key Responsibilities:
- Security Leadership: Lead security design and architecture reviews for Google Cloud Platform environments, ensuring security is embedded at all layers of the infrastructure.
- Define and implement security standards for Google Cloud Platform infrastructure, including network segmentation, firewall rules, and secure configurations for compute, storage, and database services.
- Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies.
- Establish and maintain security baselines for Google Cloud Platform resources
- Strategic Collaboration: Partner with security architects, developers, and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure.
- Work closely with development teams to integrate security testing into the software development lifecycle (SDLC).
- Collaborate with operations teams to implement security monitoring and incident response processes.
- Provide guidance to architects and engineers on secure cloud design patterns and best practices.
- Advanced Cloud Security: Develop and enhance security controls in Google Cloud Platform, including identity and access management (IAM), encryption strategies, and cloud security posture management (CSPM).
- DevSecOps Advocacy: Champion the integration of security automation tools (SAST, DAST, IaC scanning) into CI/CD pipelines, ensuring proactive identification and remediation of vulnerabilities.
- Security Automation: Build and maintain automated security tooling for cloud infrastructure, using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations.
- Incident Response & Threat Hunting: Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in Google Cloud Platform.
- Develop and implement security incident response plans for Google Cloud Platform environments.
- Proactively hunt for threats and vulnerabilities in Google Cloud Platform using threat intelligence and security analytics platforms.
- “Shift” notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage.
- Compliance & Risk Management: Ensure adherence to security frameworks (SOC 2, ISO 27001, NIST, etc.) and assist with cloud governance, risk, and compliance initiatives.
- Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g., SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, CCPA).
- Develop and maintain a risk register for Google Cloud Platform environments, identifying and prioritizing security risks.
- Monitoring & Threat Detection: Partner with Infosec on implementation and managing security monitoring, logging, and alerting mechanisms across Google Cloud Platform, leveraging native services and third-party tools for continuous security visibility.
- Continuous Security Improvement: Lead eZorts to continuously evaluate and improve platform security practices in response to emerging threats, evolving technologies, and industry trends.
- Stay abreast of emerging security threats, vulnerabilities, and best practices in the cloud security domain.
- Research and evaluate new security technologies and tools to enhance the security posture of Google Cloud Platform environments.
- Contribute to the development of security policies and standards for the organization.
