As a GCP DevSecOps Engineer, you will play a pivotal role in ensuring the security, reliability, and efficiency of our cloud-based infrastructure on Google Cloud Platform (GCP). You will be responsible for the integration of security practices into the development and operational processes, promoting a DevSecOps culture, and driving continuous improvement in security best practices.
1 Collaborate with cross-functional teams, including developers, operations, and security, to implement and maintain a secure and scalable GCP environment.
2 Design, implement, and maintain security controls and policies to safeguard cloud infrastructure and applications against cyber threats and attacks.
3 Develop and enhance CI/CD pipelines, automating security scans, testing, and deployment processes to ensure secure software delivery.
4 Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security weaknesses and risks.
5 Monitor GCP services and applications for security incidents, promptly responding to and resolving any security-related issues.
6 Develop and maintain documentation for security policies, procedures, and guidelines to support compliance and audits.
7 Stay updated with the latest security threats, vulnerabilities, and best practices, and proactively implement appropriate security measures.
8 Assist in evaluating and selecting security tools, technologies, and frameworks to enhance the security posture of our GCP infrastructure.
9 Collaborate with other engineering teams to address security concerns during the design and development phases of projects.
10 Troubleshoot and resolve complex technical issues related to GCP security and performance.
1 Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., GCP Professional Cloud Security Engineer, Certified Kubernetes Security Specialist) are a plus.
2 Minimum of 5 years of experience in cloud computing, with a focus on GCP, and 3 to 4 years of experience in a DevSecOps or security engineering role.
3 In-depth knowledge of GCP services and architecture, with expertise in cloud security best practices.
4 Strong understanding of containerization technologies (Docker, Kubernetes) and their security implications.
5 Hands-on experience with security tools and practices such as vulnerability scanning, penetration testing, intrusion detection, and log analysis.
6 Proficiency in scripting and automation using Python, Shell, or other relevant languages.
7 Familiarity with compliance standards and frameworks (e.g., GDPR, PCI DSS, ISO 27001) and experience implementing security controls to meet these requirements.
8 Ability to work collaboratively in a fast-paced and agile environment, adapting to changing priorities and deadlines.
9 Excellent problem-solving skills and a proactive approach to identifying and resolving security issues.
10 Strong communication skills, with the ability to effectively convey complex technical concepts to non-technical stakeholders.