[Remote] Principal Cloud Engineer - GCP Platform Technical Lead
Note: This is a remote position open to candidates in the USA. CVS Health is focused on building a world of health around every individual. They are seeking a Principal Cloud Engineer - GCP Platform Technical Lead to drive the architecture, security, and scalability of their enterprise GCP environment, while mentoring teams and ensuring compliance in a highly regulated setting.
Responsibilities
- Own the enterprise GCP platform end-to-end, including organization structure, resource hierarchy, billing, networking architecture, IAM tiering, CMEK, VPC Service Controls, and centralized logging
- Define, build, and maintain the enterprise GCP Landing Zone, including Shared VPC, project factory patterns, Org Policies, and governance guardrails
- Serve as the final technical authority on GCP architecture and engineering decisions, ensuring scalability, security, reliability, and production readiness
- Establish and enforce engineering standards across Infrastructure as Code, GitOps workflows, naming conventions, tagging strategies, branching models, and deployment practices using Terraform and Kubernetes Config Connector (KCC)
- Act as the technical anchor and senior-most individual contributor for the GCP Cloud Engineering and Platform teams
- Partner closely with enterprise architecture, security, networking, operations, and application teams to translate business and regulatory requirements into scalable platform capabilities
- Collaborate across technology towers and platform teams (including AI and provisioning platforms) to enable consistent, secure, and efficient cloud adoption
- Influence cloud strategy across CSPs while driving GCP as the primary enterprise platform of choice
- Design and engineer enterprise-grade GCP networking, including Shared VPC, NCC hub-and-spoke architectures, VPC Service Controls, Private Service Connect, Cloud NAT, and hybrid connectivity using Cloud Interconnect and HA VPN
- Architect and operate secure private GKE clusters using Workload Identity, Binary Authorization, Shielded Nodes, Config Sync, and least-privilege IAM patterns
- Define identity and access strategies leveraging IAM, group-based access, PAM entitlements, Workload Identity Federation, and Entra ID integration
- Evaluate platform designs for cost efficiency, performance, resilience, and long-term sustainability
- Build and maintain self-service platform capabilities enabling product teams to deploy safely and independently
- Integrate observability as a first-class platform feature using Cloud Monitoring, Cloud Logging, Datadog, SLIs/SLOs, alerting policies, and PagerDuty
- Design and operate CI/CD and automation infrastructure, including self-hosted GitHub Actions runners on GKE using ARC
- Manage secrets and encryption lifecycle using Secret Manager, CMEK, External Secrets Operator, and automated key rotation
- Participate in on-call rotation and provide L3 escalation support for platform and infrastructure incidents
- Drive continuous, automated compliance for regulatory frameworks such as HIPAA, PCI-DSS, SOC 2, and FedRAMP
- Mentor engineers at all levels, raising the bar for cloud engineering excellence, security, and operational maturity
- Lead and participate in architecture, design, code, and security reviews for all platform changes
- Coach engineers on GCP best practices, cloud-native design patterns, and operational excellence
- Build long-term technical depth and leadership capability within the cloud engineering organization
- Evaluate and pilot emerging GCP and cloud-native capabilities, including GKE Enterprise, Vertex AI, and AI-assisted DevOps tooling
- Research modern Kubernetes, networking, and platform engineering patterns to improve scalability, security, and developer experience
- Explore AI-driven infrastructure operations and automation opportunities
- Foster a culture of disciplined experimentation with measurable outcomes
- Own and drive the GCP platform roadmap aligned with enterprise priorities and regulatory requirements
- Author, maintain, and socialize Architecture Decision Records (ADRs) for major platform decisions
- Embed FinOps practices into the platform, including cost allocation, budget alerting, committed use discounts, and rightsizing
- Influence long-term cloud transformation initiatives and ensure platform scalability aligns with business growth and compliance needs
Skills
- 10+ years of experience in infrastructure or cloud engineering, with 5+ years of deep, hands-on GCP experience at enterprise scale
- 5+ years of experience with proven ownership of a GCP Organization, including resource hierarchy, billing, Org Policy, IAM, and multi-project governance
- 5+ years of demonstrated technical leadership as a principal engineer or platform owner for a major enterprise cloud initiative
- 3+ years of experience with cloud implementation best practices and the well-architected framework
- 6+ years of deep expertise across GCP services, including:
  - Compute & Containers: GKE (Private, Autopilot & Standard), Cloud Run, Compute Engine, MIGs
  - Networking: Shared VPC, NCC, VPC Service Controls, Private Service Connect, Cloud Armor, Interconnect, HA VPN
  - Security & Identity: IAM, Workload Identity, WIF, PAM, Binary Authorization, Security Command Center, Secret Manager, CMEK
  - Data & Messaging: BigQuery, Pub/Sub, Cloud Storage, Dataflow, Cloud Composer
  - IaC & Automation: Terraform (modules, remote state, policy-as-code), KCC, Cloud Build, GitOps
  - Observability: Cloud Operations Suite, Datadog, SLIs/SLOs, PagerDuty
- 1+ years of experience with implementing Agentic AI, and creating Agents
- Strong programming and scripting experience in Python and Go; Bash required. PowerShell experience a plus
- Experience operating and supporting production platforms in regulated environments
- Google Cloud Professional Cloud Architect and/or Professional DevOps Engineer certification
- HashiCorp Terraform Associate or Professional certification
- Experience with Palo Alto VM-Series NGFW and F5 BIG-IP VE in GCP
- Familiarity with Anthos, GKE Enterprise, and multi-cloud connectivity patterns
- Experience with Vertex AI, LLM and enterprise MLOps patterns
- Healthcare or other highly regulated industry experience (HIPAA, SOC 2, PCI-DSS, FedRAMP)
- Experience with advanced CI/CD runner infrastructure and multi-OS build environments
Benefits
- This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.
- This position also includes an award target in the company’s equity award program.
- This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families.
- The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.