About The Position

Cloud Security Strategy & Oversight: Partner with Architecture, Developer Experience (DevX), and Site Reliability Engineering (SRE) teams to shape and implement our GCP Zero-Trust security architecture. Provide expert oversight and validation of security controls, acting as a critical second-line partner to ensure our cloud environment is fundamentally secure. Drive the operationalization of Google's Security Command Center Enterprise (SCCE), turning its powerful features into a proactive threat detection and compliance engine. Collaborate on best practices for the enforcement of security quality gates for Infrastructure as Code (IaC) and Policy as Code (PaC) implementations. Develop and automate vulnerability management processes, using a risk-based approach to prioritize and drive remediation. Collaborate effectively with cross-functional teams, including development, operations, compliance, and incident response.

Established and active employee resource groups.

Requirements

  • Bachelor's degree in computer science, information security, or a related technical field, or equivalent practical experience.
  • 5+ years of progressive experience in application security, cloud security, or a similar security engineering role.
  • Demonstrable expertise in securing applications and infrastructure within Google Cloud Platform (GCP).
  • In-depth understanding of software development lifecycle (SDLC) principles and practices.
  • Proven experience with vulnerability management, including scanning, analysis, prioritization, and remediation tracking.
  • Strong knowledge of various security testing methodologies and tools.
  • Proficiency in at least one scripting language (e.g., Python, Go, Bash) for automation and tool development.
  • Experience with containerization (Docker, Kubernetes) and serverless technologies.
  • Excellent communication, collaboration, and problem-solving skills.

Nice To Haves

  • Master's degree in a relevant technical field.
  • Relevant industry certifications such as GCP Professional Cloud Security Engineer, CISSP, CCSP, CSSLP.
  • Experience with Infrastructure as Code (IaC) security practices and tools (e.g., Terraform, Mondoo, Open Policy Agent).
  • Knowledge of common security frameworks and compliance standards (e.g., NIST, ISO 27001, SOC 2, GDPR).
  • Experience with security monitoring, logging, and alerting solutions in a cloud environment (e.g., GCP Security Command Center, Cloud Logging, Cloud Monitoring).

Responsibilities

  • Shape and implement our GCP Zero-Trust security architecture.
  • Provide expert oversight and validation of security controls.
  • Drive the operationalization of Google's Security Command Center Enterprise (SCCE).
  • Collaborate on best practices for the enforcement of security quality gates for Infrastructure as Code (IaC) and Policy as Code (PaC) implementations.
  • Develop and automate vulnerability management processes.
  • Collaborate effectively with cross-functional teams, including development, operations, compliance, and incident response.