Google Cloud

Google Cloud (GCP) Security & Governance Engineer

Westminster, CO

6 months Contract

Job Summary

• Senior GCP Security & Governance Engineer role.
• Design, implement, and operationalize cloud governance framework for GCP expansion.
• Collaborate with governance team to implement security controls, project configuration standards, financial governance, and IAM models.
• Build scalable, repeatable governance patterns aligned with mature AWS models.

What You'll Do

Governance & Security

• Implement GCP Organization & Project Governance.
• Design/manage GCP Organization, Folder, and Project structures.
• Define/enforce governance guardrails using IAM, Org Policies, and security controls.
• Architect/manage SSO, MFA, and identity federation for GCP access.
• Establish billing structures, budgets, labeling standards, and cost controls.
• Build/maintain Infrastructure as Code frameworks (Terraform) to automate governance.
• Troubleshoot complex platform-level issues and enable safe adoption.
• Align GCP governance practices with AWS governance models.
• Implement standardized project creation workflows (naming conventions, labels, billing, baseline configs).
• Maintain organization-level policies (Org Policies) to enforce guardrails.

Enable Security & Compliance

• Implement existing client security standards in GCP (e.g., CSPM, vulnerability management).
• Configure/manage Okta SSO across GCP footprint.
• Centralize security monitoring, logging, and alerting.
• Partner with project owners/security teams to remediate findings.
• Support compliance initiatives (auditability, evidence collection, policy enforcement).

Financial Governance (FinOps)

• Establish billing account structures, budgets, alerts, and cost controls.
• Enforce consistent resource labeling and cost allocation standards.
• Create/maintain cost and usage reports for visibility/accountability.
• Partner with finance/engineering teams to optimize cloud spend.

Platform Configuration & Operations

• Define standard configurations for networking (VPCs, shared VPCs, firewall rules), logging, monitoring.
• Automate governance controls/configurations using Infrastructure as Code (Terraform).
• Troubleshoot GCP platform issues and guide engineering teams.
• Maintain documentation, standards, and runbooks for governance processes.

Cross-Cloud Alignment

• Align GCP governance practices with AWS governance/security models.
• Contribute to unified multi-cloud governance strategy.

Required Qualifications

• 5+ years hands-on GCP experience (organization/platform level).
• 5+ years implementing GCP IAM, Org Policies, billing management.
• 3+ years implementing cloud governance frameworks/security controls in GCP.
• 3+ years using Infrastructure as Code tools (Terraform strongly preferred).
• 3+ years managing identity federation, SSO, MFA in cloud environments.

Preferred Qualifications

• Experience building/operating enterprise-scale GCP environments.
• Familiarity with AWS governance models (Control Tower, SCPs).
• Experience with Security Command Center, Cloud Logging, Cloud Monitoring.
• Knowledge of FinOps practices in cloud environments.
• Experience supporting regulated/compliance-driven environments.
• Strong troubleshooting/problem-solving skills.
• Ability to work cross-functionally with security, finance, and engineering teams.

Success Metrics

• GCP projects managed within governance frameworks.
• Projects created consistently, securely, and auditable.
• Security and cost risks proactively identified and controlled.
• Engineers adopt GCP safely without bypassing governance.
• Leadership has clear visibility into security posture and cloud spend.

Technical Skills

• Must Have: Google Cloud Platform (GCP).
• Nice to Have: Amazon Web Services (AWS).