Job Summary
The Senior GCP Cloud Analyst/Developer evaluates GCP services to define, document, develop/code, and implement security controls to secure the service. This role bridges the gap between architectural security analysis and technical enforcement by developing Policy as Code (PaC) to ensure services meet enterprise standards. The analyst/developer manages the full service-enablement lifecycle, collaborating with architects, threat modelers, governance boards, and other developers to ensure secure cloud adoption.
Primary Responsibilities
- Service Analysis: Evaluate GCP cloud services to identify security control requirements and document them in standard service enablement workbooks. Incorporate risks/mitigations found in threat model reviews into service controls.
- Dedicated Team: Work independently in a dedicated service analysis/development team to deliver secure GCP services to users as quickly as possible.
- Governance Reviews: Present service enablement workbooks to the Cloud Standards Board (CSB) for review. Address expert panel inquiries to secure service approval, information requests, or risk escalations.
- Threat Modeling: Collaborate with threat modelers to identify risks for specific GCP services. Present findings to the Threat Model Review (TMR) board and integrate identified mitigations into the final service control set.
- Technical Development: Write/develop code for automated security controls to secure GCP services. Code control, response and remediation scripts using Python and Terraform. Build Infrastructure as Code (IaC) modules to deploy approved controls across GCP commercial and government landing zones, some of which are connected to the enterprise network (internal), and some of which are isolated from the enterprise network (external).
- Version Control: Manage all control logic, configuration files, and documentation within Git repositories, following standard branching, pull and merge request workflows.
- Cross-Team Collaboration: Coordinate with the CSB core team and the PaC team to align automated enforcement with organizational policy and validation standards.
Other Responsibilities
- Serve as a Subject Matter Expert (SME) for internal teams regarding GCP architecture and service capabilities.
- Perform ad hoc technical research to resolve complex queries about emerging cloud features.
Key Performance Indicators (KPIs)
- Minimum deliverables: Deliver 1 – 2 (depending on complexity) service analyses per month, following organization standard analysis format (workbooks). Deliver code for service controls for 1 – 2 (depending on complexity) services per month.
- Deliverables:
  - Completed Service Analysis workbooks and security control documentation.
  - Validated Terraform modules and Python-based functions for control implementation.
  - Technical presentations for review boards in organization standard format (workbooks).
Required Qualifications
- Expertise in Python, JSON, and Terraform for cloud security control automation.
- Knowledge of various automated control types: Preventative, Proactive, Detective, Reactive, etc., and GCP Service Control Policies.
- Experience with Git repository management and CI/CD (Continuous Integration/Continuous Deployment) concepts.
- Strong understanding of GCP Cloud Architecture and core service security (e.g., IAM, VPC, KMS).
- Experience presenting and defending technical analysis to expert panels or formal committees.
Preferred Experience
- GCP certifications (e.g., Associate Cloud Engineer, Professional Cloud Architect, Professional Cloud Developer, Professional Cloud Security Engineer, Professional Machine Learning Engineer).
- Experience developing custom GCP service security controls.
- Experience in Governance, Risk, and Compliance (GRC) or Policy-as-Code frameworks.
- Background in formal security methodologies and standards (e.g., STRIDE, MITRE ATT&CK, OWASP Top 10, NIST 800-171, etc.)
