GCP Cloud Security Engineer
Role summary
The client is seeking a hybrid Cloud Security Engineer in Sterling, VA, for a 6-month contract with possible extension. This hands-on role focuses on securing enterprise-scale Google Cloud Platform (GCP) environments. Responsibilities include designing, implementing, and operating cloud security controls, vulnerability management, and utilizing CSPM/CNAPP platforms. The engineer will develop automation using Python, integrate security into CI/CD pipelines, harden GCP configurations, and support security assessments for AI/ML workloads. The role requires 7+ years of experience in cloud security and vulnerability management, with demonstrated experience in AWS and GCP, and 3+ years with CSPM/CNAPP tools.
Title: GCP Cloud Security Engineer
Location: Sterling, VA 20166 (Hybrid)
Duration: 06 months (Possible Extension)
Shift: Monday to Friday 1st Shift (3 Days Onsite)
Payrate: $85 to $92/hr on W2 (depending on experience)
Description:
The Cloud Security Engineer is a hands-on technical security professional responsible for designing, implementing, and operating cloud security controls across Client’s public cloud environments, with a primary focus on Google Cloud Platform (GCP).
Job Responsibilities / Typical Day in the Role
- Serve as a hands-on Cloud Security Engineer focused on securing enterprise-scale GCP environments.
- Design, implement, and operate cloud vulnerability management processes across compute, container, serverless, and platform services.
- Leverage and manage CSPM/CNAPP platforms (e.g., Wiz, Orca, Prisma Cloud) to identify misconfigurations, prioritize risk, and drive remediation efforts with engineering teams.
- Develop automation and security tooling using Python (preferred) or similar scripting languages to improve detection, remediation, and reporting capabilities.
- Partner with engineering and DevOps teams to integrate security controls into CI/CD pipelines and infrastructure-as-code workflows.
- Review and harden GCP configurations, including IAM, networking, logging, storage, and container environments.
- Support security assessments of AI/ML workloads and cloud-native data platforms; contribute to proof-of-concept initiatives related to AI/ML security where applicable.
- Collaborate with cross-functional teams to remediate vulnerabilities identified through CSPM tools, scanners, and cloud-native security services.
- Contribute to the development and maintenance of cloud security standards, configuration baselines, and operational documentation.
- Support multi-cloud security initiatives, including AWS and Azure environments where required.
- Stay current with emerging cloud threats, vulnerability trends, and advancements in cloud security tooling.
- GCP Cloud Security Engineering & Hardening – 15%
- Cloud Vulnerability Management (analysis, prioritization, remediation coordination) – 30%
- CSPM/CNAPP Operations & Risk Reduction – 10%
- Security Automation & Python Development – 15%
- CI/CD & DevSecOps Integration – 10%
- Architecture Reviews & Engineering Collaboration – 10%
- AI/ML & Emerging Technology Security Support – 5%
- Documentation & Continuous Learning – 5%
Must Have Skills / Requirements
- Strong knowledge and practical experience in Cloud Vulnerability Management
- 7+ years of experience; Vulnerability identification, prioritization, risk assessment, and remediation coordination across cloud workloads and services.
- Demonstrated hands-on experience with AWS and GCP.
- 7+ years of experience; Cloud experience within a production environment.
- Hands-on experience with at least one CSPM/CNAPP platform
- 3+ years of experience; (e.g., Wiz, Orca, Prisma Cloud, Lacework, or equivalent)
Nice to Have Skills / Preferred Requirements
- Cloud security certifications such as:
- a. GCP Professional Cloud Security Engineer
- b. AWS Security Specialty or Solutions Architect
- c. Azure Security Engineer or Solutions Architect
- Experience with AI/ML platforms and securing machine learning workloads; prior proof-of-concept or project experience is a plus.
- Knowledge of AWS and/or Azure security services and architecture.
- Familiarity with Oracle Cloud Infrastructure (OCI).
- Experience integrating security tooling with platforms such as Slack, Jira, and CI/CD pipelines.
- Experience with SIEM and observability platforms (e.g., Splunk).
- Azure Experience is a plus.
- Experience with Brinqa.
Soft Skills:
- Excellent written and verbal communication skills with the ability to collaborate effectively with engineering and security stakeholders.
Technology Requirements:
- Demonstrated hands-on experience securing Google Cloud Platform (GCP) environments in production.
- Strong knowledge and practical experience in Cloud Vulnerability Management, including vulnerability identification, prioritization, risk assessment, and remediation coordination across cloud workloads and services.
- Hands-on experience with at least one CSPM/CNAPP platform (e.g., Wiz, Orca, Prisma Cloud, Lacework, or equivalent).
- Proficiency in Python (preferred) or similar programming/scripting languages, with experience developing automation or security tooling.
- Strong understanding of cloud IAM concepts, least-privilege access, and identity governance in GCP.
- Solid understanding of cloud networking fundamentals, including VPC design, routing, segmentation, and secure connectivity patterns.
- Experience securing containerized workloads and Kubernetes environments.
- Familiarity with Infrastructure-as-Code (Terraform preferred) and secure configuration management practices.
- Strong understanding of security principles, risk management, and compliance considerations in public cloud environments.
Education / Certifications
- Bachelor’s degree in Computer Science, Information Security, or related technical discipline, or equivalent practical experience.
