[Remote] GCP Engineer
Note: The job is a remote job and is open to candidates in USA. Calance is seeking a GCP Engineer to drive the hands-on implementation of their Strategic Agreement with Google Cloud Platform. The role involves building, deploying, and optimizing cloud infrastructure and services to enable advanced Agentic AI workflows while ensuring security and compliance.
Responsibilities
- You will manage a complex, global network topology based on the "VPC Service Controls Strategy," ensuring strict isolation between core foundations and legacy assets
- Enforce a strict Hub-and-Spoke network topology. You will standardize the naming convention across all environments: 0p (Production), 0n (Non-Production), 0d (Dev), 0s (Stage), and 0t (Test)
- Design and validate VPC Service Controls (VPC-SC) to prevent data exfiltration
- Standardize SSL Policies using the RESTRICTED profile and a minimum of TLS 1.2 across all Load Balancer proxies (e.g., admin-api-https-proxy, braze-proxy-htts-proxy)
- Implement Hierarchical Firewall Policies at the Organization level to enforce a "deny-all outbound" default posture
- Validate and enforce Partner Interconnect encrypted VLAN attachments for all traffic traversing from on-premise to GCP
Skills
- Employment Type: W2 only - NO C2C
- Work Authorization: Must be authorized to work in the U.S. without current or future sponsorship
- Expert-level Terraform for provisioning projects, hierarchical labels, and Model Armor floor settings (using google_model_armor_floorsetting)
- Networking experience and building out VPC
- Hands-on experience with Google Cloud Armor, Cloud KMS Autokey, VPC Service Controls, and Security Command Center (SCC)
- Expertise in Confidential VMs (AMD SEV-SNP) for GKE nodes and Compute instances processing sensitive models or PII
- High familiarity with BigQuery, AlloyDB, and Dataplex aspect types for metadata and classification
Company Overview