GCP DevSecOps Lead

Key Responsibilities:

• Lead the security strategy and implementation for GCP cloud infrastructure, ensuring that security practices align with organizational goals and compliance standards.
• Implement Rego policies using Open Policy Agent (OPA) to automate and enforce security controls as part of infrastructure-as-code (IaC) and CI/CD pipelines.
• Collaborate with DevSecOps teams to integrate security policies into the continuous development lifecycle.
• Perform threat modeling, risk assessments, and security audits for GCP-based workloads, Vertex AI projects, and AI models.
• Ensure proper IAM (Identity and Access Management) roles, permissions, and policies are in place for GCP and Vertex AI services.
• Define and enforce security best practices for AI/ML services in GCP, ensuring compliance with industry standards and regulations.
• Develop and maintain security dashboards, alerts, and reporting mechanisms to monitor the security posture of GCP and Vertex AI environments.
• Participate in incident response, vulnerability management, and remediation efforts for GCP-based services and AI workloads.
• Stay up to date on emerging cloud security trends and technologies, particularly in GCP and AI/ML domains.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
• Extensive hands-on experience with Google Cloud Platform (GCP), including GCP security tools, IAM, VPC, Cloud Storage, and other services.
• Strong expertise in Rego and Open Policy Agent (OPA) for policy-as-code and automated enforcement.
• Experience implementing security controls in cloud-native environments, including CI/CD pipeline security and infrastructure automation.
• Familiarity with security frameworks and regulations (e.g., NIST, GDPR, SOC2, etc.).
• Strong experience with IAM policies, access controls, and security best practices in GCP.
• Experience with logging and monitoring tools (e.g., Cloud Audit Logs, Security Command Center, Stackdriver) to monitor and respond to incidents.
• Expertise in vulnerability management, risk assessments, and implementing security policies across cloud infrastructure.