About The Position

Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years!

TDI is hiring an exceptional DoW Cloud Security Engineer to strengthen the security engineering posture of a mission-critical, cloud-hosted defense system treated as a high-value target. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system operating under elevated adversary interest.

This is not a “watch-the-console” role. We need a hands-on engineer who can build and mature cloud security telemetry, logging pipelines, detections, and automation, enabling faster, higher-confidence response by the CSSP while measurably improving the system’s defensibility (hardening, control validation, and security signal quality).

ARE YOU A FIT?

If you prefer narrow scope, low stakeholder interaction, or purely operational monitoring, this will not be a fit. If you’re a builder who can design cloud logging/telemetry end-to-end, integrate with a VDSS/SIEM stack, automate enrichment and evidence capture via APIs, and partner with DevSecOps/platform teams to improve hardening and control effectiveness, we want to talk.

Requirements

  • Active DoD Secret clearance.
  • Role-required security certification such as: CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+, GCFA, GCIH, SCYBER.
  • Demonstrated experience in cloud security engineering or security-focused platform engineering in enterprise/mission environments.
  • GCP strongly preferred (AWS/Azure acceptable with ability to ramp quickly in GCP).
  • Strong proficiency in cloud logging/telemetry design, including integration into VDSS/SIEM/SOAR platforms.
  • Hands-on experience with automation and APIs (Python/Go/Bash, REST/JSON, gcloud/SDKs) to build repeatable security workflows.
  • Experience with Kubernetes/container security concepts; ability to instrument and operationalize GKE audit/runtime telemetry.
  • Practical incident-response awareness (evidence preservation and containment guidance) — not a primary duty, but able to support when needed.
  • Strong writing/briefing skills; can deliver precise, customer-ready outputs with minimal oversight.
  • Comfort operating in a high-change environment with competing priorities and frequent stakeholder engagement.
  • TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.

Nice To Haves

  • Cloud certification preferred (e.g., CCSP or Google Professional Cloud Security Engineer, Professional Cloud DevOps Engineer, Professional Cloud Network Engineer).

Responsibilities

  • Comply with currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines.
  • Design, implement, and sustain security telemetry/logging architecture in GCP, ensuring high-fidelity signals are collected, normalized, and delivered to the VDSS/SIEM/SOAR stack.
  • Own logging coverage and quality for cloud and platform signals, including:
      • Cloud Audit Logs (Admin Activity, Data Access, System Event)
      • IAM/service account activity and privileged actions
      • VPC Flow Logs, load balancer/WAF/proxy signals
      • GKE audit logs and Kubernetes control-plane events
      • Security-relevant application/service logs
  • Build detection engineering content: queries, correlation logic, alert rules, and dashboards aligned to cloud threat scenarios (IAM abuse, suspicious API usage, workload compromise, data access anomalies, lateral movement paths).
  • Develop automation and guardrails to reduce toil and accelerate investigations/response:
      • API-driven enrichment and evidence capture (e.g., asset inventory, IAM bindings, network path/context, log exports)
      • Repeatable runbooks/workflows and integration into ticketing/notification pipelines
  • Partner with teams to implement and validate security controls that improve defensibility:
      • Secure configuration baselines and drift detection
      • Identity and access telemetry improvements
      • Network segmentation signals and policy validation
      • Container/GKE security instrumentation and runtime visibility
  • Execute continuous control-health checks and instrumentation validation (telemetry completeness, parsing quality, alert fidelity, logging pipeline reliability).
  • Coordinate cleanly with the CSSP: provide engineered signals, detection content, and automation that improves downstream monitoring and response outcomes.
  • Produce clear technical deliverables (engineering notes, detection documentation, dashboards/coverage maps, stakeholder-ready updates) with minimal editing.