Cloud Network Security Engineer
Role details
Job location
Tech stack
Job description
- Architecture & Design: Design, implement, and maintain highly secure cloud network architectures within Google Cloud Platform (GCP), adhering to Zero Trust principles and organizational security standards.
- Network Security Operations: Deploy, configure, and manage core GCP network security services, including Cloud Next-Generation Firewalls (NGFW), VPC Service Controls (VPC SC), Cloud Intrusion Detection Systems (Cloud IDS), and Cloud Armor.
- Infrastructure as Code (IaC): Lead the automation of network security infrastructure deployment using IaC tools (primarily Terraform). Build and maintain reusable modules for secure baseline configurations.
- Monitoring & Threat Detection: Implement and tune logging and monitoring solutions for network traffic. Respond to alerts generated by Cloud Logging, SIEM platforms, and centralized firewall logging.
- Cross-Functional Collaboration: Partner closely with Cloud Architects, Platform engineering DevOps, and application teams to embed security requirements into cloud deployments without hindering developer velocity.
- Governance & Compliance: Ensure all cloud network configurations comply with internal policies, industry regulations, and best practices.
Requirements
- Experience: 5+ years of experience in Network Engineering or Information Security, with at least 2+ years of dedicated, hands-on experience securing Google Cloud Platform (GCP) environments.
- Cloud Platform (GCP): Deep understanding of GCP networking constructs, including Shared VPCs, Cloud Router, Cloud NAT, Interconnect, and Peering.
- Network Security Services: Proven technical expertise in configuring and managing:
- GCP Cloud Firewalls (Standard and NGFW/Hierarchical)
- VPC Service Controls (VPC SC) for data exfiltration mitigation
- Cloud IDS / IPS solutions
- Cloud Armor (WAF and DDoS protection)
- Secure web gateways and proxy solutions
- Infrastructure as Code (IaC): Advanced proficiency in Terraform. Experience writing, testing, and managing complex state files and custom provider modules for cloud infrastructure.
- Scripting & Automation: Strong scripting skills in Python, Go, or Bash for automating routine security tasks, API integrations, and custom remediation scripts.
- Version Control & CI/CD: Hands-on experience with Git workflows and embedding IaC deployments into CI/CD pipelines., * Certifications: Google Cloud Professional Security Engineer, Google Cloud Professional Network Engineer, CISSP, or equivalent industry certifications.
- Multi-Cloud Knowledge: Familiarity with cross-cloud connectivity and security principles across Azure or AWS is a strong plus.
- Advanced Threat Modeling: Experience conducting threat modeling for complex distributed cloud architectures.
Minimum Education
Bachelor's degree in computer science, information systems and/or equivalent formal training or work experience.
Minimum Experience
Six (6) years' experience in a minimum of four (4) of the following areas: Business continuity and disaster recovery, network forensics, security and risk frameworks, endpoint security, information systems auditing, vendor risk assessment, cyber risk assessment, network intrusion detection/prevention, identity and access management, IT lifecycle management.
Knowledge, Skills, and Abilities
Strong technical, consulting, and project management skills.
Ability to communicate technical subject matter effectively to multiple organizational layers., * Right to Work Notice (English) / (Spanish)
Benefits & conditions
Pay: US: $8,007.29/mo - $18,149.85/mo, CO: $8,007.29/mo - $17,393.61/mo, MD: $8,452.14/mo - $18,149.85/mo, NJ: $8,452.14/mo - $18,149.85/mo, NY: $8,452.14/mo - $18,149.85/mo, NYC: $10,231.53/mo - $18,149.85/mo, WA: $8,452.14/mo - $18,149.85/mo
Additional Details