GCP DevOps Engineer
GCP DevOps Engineer United States (Must be authorized to work in the US) Remote Salary
- Contract to hire
- Competitive compensation
- Visa sponsorship is not available for this position.
About GTS Global Technology Solutions, Inc. is a U.S.-based leader in CCaaS, AI/ML, and Cloud Solutions. As a Gold Partner with Genesys and Advanced Partner with AWS, Google Cloud, and Azure, we deliver implementation, consulting, managed services, and product development that drives higher ROI for our clients. Our fully remote, agile teams are empowered to innovate—and we’re looking for a GCP DevOps Engineer to shape our next wave of intelligent and secure offerings.
About the Role
Role Overview: Google Cloud Platform specialist to guide the provisioning, security, and enterprise enablement of cloud landing zones, ensuring alignment with strict organizational policies to support scalable project deployments. You will work closely with clients, our application development and design teams to ensure our clients’ and internal GCP environments meet the highest standards of reliability, compliance, and operational excellence. The ideal candidate is highly consultative, proactive, and thrives in a hands-on environment where rapid learning is the norm.
Key Responsibilities
- GCP Architecture: Design and configure secure, enterprise-ready GCP landing zones to support PoC's, Pilots, and full-scale deployments without requiring future migrations.
- Domain Expertise: Provide specialized knowledge in IAM and Cloud Networking.
- Advisory & Collaboration: Lead workshops with cross-functional client teams to review current setups, ensure adherence to best practices, and provide official strategic recommendations.
- Security & Compliance: Ensure all platform enablement strictly follow established enterprise security policies and procedures
- Develop and enforce cloud security baselines, guardrails, and governance policies across GCP organizations, folders, and projects.
- Implement and manage Infrastructure as Code (IaC) for cloud foundations, including VPC architecture, shared services, and connectivity patterns.
- Integrate security tooling and controls into CI/CD pipelines (shift-left security), including static analysis, secrets detection, container scanning, and policy enforcement.
- Lead the design and implementation of Zero Trust network architecture, identity federation, and least privilege access models.
- Define and manage Security Command Center (SCC), Chronicle SIEM, and other GCP-native security tooling for continuous monitoring and threat detection.
- Conduct threat modeling, risk assessments, and security reviews for new infrastructure patterns and cloud-native services.
- Collaborate with compliance teams to maintain alignment with frameworks such as CIS Benchmarks, NIST 800-53, SOC 2, FedRAMP, or equivalent.
- Automate security and compliance controls using policy-as-code tools (OPA/Rego, Terraform Sentinel, Forseti/Config Validator).
- Respond to and remediate security incidents, vulnerabilities, and misconfigurations across the cloud estate.
- Mentor teams on cloud security best practices and drive a culture of shared security ownership.
- Lead development and maintenance of standardization templates to be used for discovery by sales and implementation teams in ensuring client security requirements are well documented.
Required Experience
- 3+ years of experience in DevOps, cloud engineering, or platform/infrastructure engineering roles.
- 3+ years of hands-on experience with Google Cloud Platform (GCP), with a focus on foundations, networking, and security.
- Demonstrated experience designing and deploying enterprise GCP Landing Zones (Google Cloud Foundation Toolkit, CFT, or equivalent).
- Strong background in cloud security architecture, identity & access management (IAM), and network security design.
- Proven experience integrating security into CI/CD workflows and automating policy enforcement.
- Experience working within regulated environments or with compliance frameworks (SOC 2, NIST, CIS, ISO 27001, or FedRAMP).
Preferred Experience
- Experience with multi-cloud or hybrid connectivity (GCP Interconnect, VPN, SD-WAN).
- Background in SRE practices — SLOs, incident response, and chaos engineering.
- Contributions to open-source security or DevOps tooling.
- Familiarity with Google Assured Workloads or sovereign cloud requirements.
- Prior experience in financial services, healthcare, or government-regulated industry.
Technical Capabilities Cloud Foundations & Landing Zones GCP Organization hierarchy design (Org Folders
- Projects) including Assured Workloads folders
- Shared VPC, VPC Service Controls, and Private Service Connect
- Resource hierarchy and inheritance model for policies and billing
- Cloud Foundation Toolkit (CFT) and/or Fabric FAST landing zone blueprints
- Google Cloud's Architecture Framework and Well-Architected principles
Security & Compliance
- IAM design: service accounts, Workload Identity Federation, custom roles, and least-privilege enforcement
- Cloud Armor (WAF/DDoS), BeyondCorp Enterprise, and context-aware access
- Data security: CMEK, Cloud HSM, Secret Manager, DLP API
- Security Command Center (SCC) Premium — findings, threat detection, compliance dashboards
- Chronicle SIEM and Security Operations (SecOps) integrations
- Binary Authorization and supply chain security (SLSA, Sigstore)
- Audit logging strategy: Cloud Audit Logs, log sinks, and retention policies
Infrastructure as Code & Automation
- Terraform (advanced): modules, workspaces, remote state, Sentinel policies
- GitOps workflows: ArgoCD, Flux, or equivalent
- Policy-as-Code: OPA/Rego, Checkov, tfsec, KICS
Containers & Kubernetes
- Google Kubernetes Engine (GKE): hardening, Autopilot, node pool design
- Container security: Artifact Registry scanning, Distroless images, Pod Security Standards
Networking
- VPC design: subnets, firewall rules, hierarchical firewall policies
- Cloud NAT, Cloud DNS, Private Google Access
- Hybrid connectivity: Cloud Interconnect, HA VPN, Network Connectivity Center
- Network Intelligence Center and packet mirroring
Technologies & Tools CATEGORY TOOLS & PLATFORMS Cloud Platform Google Cloud Platform (GCP) IaC Terraform, Cloud Deployment Manager Security Scanning Checkov, tfsec, Trivy, Snyk, Semgrep Policy & Governance OPA/Rego, Sentinel, Forseti, Config Validator Monitoring & SIEM Chronicle, Security Command Center, Cloud Monitoring, Splunk Container Orchestration GKE, Anthos, Docker Secrets Management Secret Manager, HashiCorp Vault Identity & Access Cloud IAM, Workload Identity Federation, Active Directory Version Control GitLab, Bitbucket Languages/Scripting Python, Bash Certifications (Preferred)
- Google Cloud Professional Cloud Security Engineer (highly preferred)
- Google Cloud Professional Cloud Architect
- Certified Kubernetes Security Specialist (CKS)
- AWS Certified Security Specialty or Azure Security Engineer (beneficial for multi-cloud context)
- CISSP, CCSP, or equivalent security certification
Apply To This Job