Security Architect

Posted 27 February 2024
Salary Negotiable
LocationLondon
Job type Contract
Discipline DevOps
Reference102677
Contact NameDaniel Amponsah

Job description

Responsibilities:

  • Develop, implement, and maintain Rego policies to enforce security controls and compliance standards within our GCP infrastructure and applications.
  • Collaborate with development and operations teams to integrate security into the GCP-focused CI/CD pipeline, ensuring security checks and scans are automated and seamlessly incorporated.
  • Leverage your GCP expertise to architect and implement secure microservices and containerized applications, ensuring compliance with GCP security best practices.
  • Design and implement infrastructure-as-code (IaC) using Terraform to define and manage GCP resources securely and efficiently.
  • Perform thorough security assessments on GCP environments, utilizing GCP-specific security tools and technologies, to identify and address potential vulnerabilities.
  • Conduct threat modelling and risk assessments for GCP deployments, designing effective security solutions tailored to GCP services.
  • Collaborate with cross-functional teams to respond to GCP-specific security incidents promptly, conduct root cause analysis, and implement corrective actions.
  • Stay current with GCP advancements, industry security trends, and best practices, sharing knowledge and insights with team members.
  • Drive a culture of security awareness specific to GCP environments, ensuring security considerations are integrated throughout development.

Requirements:

  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • Proven experience as a DevSecOps Engineer with a strong focus on GCP
  • Expertise in Rego policies and policy-as-code practices especially with implementation in GCP
  • In-depth understanding of GCP services, security controls, and best practices.
  • Proficiency in using GCP-specific security tools, vulnerability scanners, and penetration testing tools.
  • Strong experience with infrastructure-as-code (IaC) using Terraform for GCP resource provisioning and management.
  • Familiarity with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI/CD) with GCP integrations.
  • Solid knowledge of GCP security frameworks, standards, and compliance requirements.
  • Strong understanding of container security in GCP and experience securing microservices.
  • Excellent communication and collaboration skills, with a proven ability to work effectively in cross-functional teams.
  • Relevant GCP certifications such as Google Professional DevOps Engineer, Google Professional Cloud Security Engineer, or similar certifications are highly advantageous.