You will own the implementation and maintenance of secure software delivery practices.
Responsibilities
Design and implement secure CI/CD workflows using tools like GitHub Actions, Jenkins, or GitLab CI, integrating automated security scans and compliance gates.
Embed security controls into cloud-native applications deployed on Google Cloud Platform (GCP), managing IAM policies and VPC Service Controls.
Develop and maintain Infrastructure as Code templates using Terraform or Google Cloud Deployment Manager for secure resource provisioning.
Integrate SAST, DAST, and dependency scanning tools (e.g., SonarQube, OWASP ZAP) into workflows, triaging findings with engineering teams.
Define and enforce security policies through automated guardrails, policy-as-code, and continuous compliance monitoring.
Required Skills
3+ years of experience in DevOps, SRE, or Cloud Engineering roles.
2+ years implementing security within CI/CD pipelines.
2+ years with cloud platforms, preferably GCP.
2+ years with container orchestration and security (Kubernetes, Docker).
1+ years of experience with Infrastructure as Code (Terraform).
1+ years of experience with vulnerability scanning and remediation workflows.
1+ years of experience with Google Cloud security services (IAM, VPC Service Controls).
1+ years of experience securing Google Vertex AI and IBM watsonx Orchestrate.
Familiarity with Agile development practices and DevSecOps principles.
Preferred Skills
Proficiency in scripting languages like Python or Bash.