About The Position

Function Health is building a modern cloud security program to protect our members and platform as we scale. As a Cloud Security Engineer, you’ll focus on securing our Google Cloud Platform (GCP) environments, designing and enforcing guardrails that make our infrastructure secure by default. This role is hands-on and impact-driven: you’ll own detection, hardening, and automation that directly reduce risk across production systems. We’re looking for someone who thrives on solving hard technical problems in cloud environments, knows how to balance speed and control, and can turn complex GCP security challenges into practical, automated solutions.

Requirements

  • 5–8 years of experience in cloud engineering or security, with at least 3 years focused on GCP.
  • Deep knowledge of GCP services (IAM, VPC, GKE, Cloud Run, GCS, KMS, SCC) and their security implications.
  • Experience implementing guardrails with Terraform.
  • Strong grasp of IAM design, service account lifecycle, and secrets management in GCP.
  • Familiarity with cloud logging/monitoring (Cloud Logging, VPC Flow Logs, SCC findings) and integration into SIEM/SOAR.
  • Strong scripting or development skills (Python preferred) for automation.
  • Ability to influence engineering teams toward secure patterns without slowing them down.
  • Bias Toward Action: Demonstrated ability to take initiative, make decisions under uncertainty, and move projects forward even in the face of ambiguity. We value individuals who are self-starters and ready to act on opportunities and challenges alike.
  • Entrepreneurial Spirit: Strong adaptability to changing business needs with a knack for building and optimizing processes. Your entrepreneurial mindset will be crucial in navigating the dynamic landscape of our industry, ensuring our platform remains competitive and responsive to user needs.
  • Communication: Excellent communication skills, capable of explaining complex technical concepts to non-technical stakeholders. Effective communication is vital for cross-functional collaboration and ensuring alignment across our organization.
  • Remote Work Adaptability: Comfort with remote work environments, demonstrating the ability to stay productive and connected with the team irrespective of physical location.
  • Continuous Improvement: A willingness to question assumptions and a commitment to continuous improvement. Your openness to feedback and dedication to personal and professional growth will contribute significantly to our collective success.

Nice To Haves

  • Experience with HIPAA/HITRUST environments, SOC 2 Type II audits, or healthcare data protection.

Responsibilities

  • Serve as the embedded security partner for engineering teams building in GCP, with a focus on pragmatic, high-impact risk reduction.
  • Orchestrate and implement organization constraints to enforce guardrails and prevent misconfigurations.
  • Harden GCP environments against misconfiguration and exposure: enforce secure defaults, network segmentation, logging, and monitoring.
  • Drive adoption of identity- and service-account best practices, including least privilege, key rotation, and elimination of long-lived credentials.
  • Automate enforcement of cloud security controls using IaC, policy-as-code, and CI/CD guardrails.
  • Lead cloud vulnerability management, including scanning for misconfigurations, secrets, and exposed services, and partner with teams on remediation.
  • Integrate CSPM tooling (e.g. Wiz, Upwind, GCP Security Command Center) and cloud-native telemetry into centralized detection and response workflows.
  • Support incident response by providing expertise on GCP logging, forensics, and containment.
  • Define and track cloud security KPIs (e.g., % of resources covered by VPC Flow Logs, service accounts without keys, restricted buckets with audit logging).
  • Partner with product security and infrastructure engineering to shape long-term cloud security strategy.

Benefits

  • We value our team at Function and offer a competitive salary and benefits package, flexible working hours, and a dynamic work environment where creativity and innovation are encouraged.