
GCP Engineers Remote

Work from home Full-time role Hiring

Cloud Engineer: GCP Network, Security, and GenAI

Position Overview & Mission

Reporting directly to the Head of Cloud Infrastructure, the Principal Cloud Engineer is responsible for executing the "FY26 GCP Mandate." Following our Strategic Agreement with Google Cloud Platform, this role drives the hands-on implementation required to accelerate Generative AI capabilities by year-end. You will serve as the lead engineer translating architectural direction into scalable, secure, and production-ready systems, balancing aggressive "Speed to Value" with "Secure by Default" principles across the GCP Foundation. This is a highly execution-focused role where you will build, deploy, and optimize cloud infrastructure and services that protect enterprise data while enabling advanced Agentic AI workflows.

Core Responsibilities: Enterprise Cloud Networking

You will manage a complex, global network topology based on the "VPC Service Controls Strategy," ensuring strict isolation between core foundations and legacy assets.

Topology Management: Enforce a strict Hub-and-Spoke network topology. You will standardize the naming convention across all environments: 0p (Production), 0n (Non-Production), 0d (Dev), 0s (Stage), and 0t (Test).

Perimeter Defense: Design and validate VPC Service Controls (VPC-SC) to prevent data exfiltration.

Traffic Security: Standardize SSL Policies using the RESTRICTED profile and a minimum of TLS 1.2 across all Load Balancer proxies (e.g., admin-api-https-proxy, braze-proxy-htts-proxy).

Firewall Governance: Implement Hierarchical Firewall Policies at the Organization level to enforce a "deny-all outbound" default posture.

Hybrid Connectivity: Validate and enforce Partner Interconnect encrypted VLAN attachments for all traffic traversing from on-premise to GCP.
Technical Qualifications & Tech Stack Expertise

IaC Mastery: Expert-level Terraform for provisioning projects, hierarchical labels, and Model Armor floor settings (using google_model_armor_floorsetting).

Networking experience and building out VPC

Security Tooling: Hands-on experience with Google Cloud Armor, Cloud KMS Autokey, VPC Service Controls, and Security Command Center (SCC).

Confidential Computing: Expertise in Confidential VMs (AMD SEV-SNP) for GKE nodes and Compute instances processing sensitive models or PII.

Data Architecture: High familiarity with BigQuery, AlloyDB, and Dataplex aspect types for metadata and classification.
