SynergeticaRemote
Cloud Security Engineer/Consultant
United States of America
Full Time
6 hours ago
Visa Sponsor
Key skills
GCPGoogle CloudIAMGitVersion ControlProject Management
About this role
Synergetica is working on one of the TOP-3 navigation systems, providing complex web services and solutions. The role focuses on executing high-impact security remediation and risk reduction initiatives within the Google Cloud Platform environment to improve overall security posture.
Responsibilities:
- Execute Remediation: Actively drive security remediation efforts to address over-privileged access permissions and address infrastructure misconfigurations. Specific duties include:
- Collaborating with Security and Software Engineering (SWE) teams to review and implement changes to permissions, group and service configurations
- Review, recommend, and execute changes that enforce least privilege access models, specifically targeting and reducing ambient administrative access patterns
- Guide teams in addressing security policy drift where manual environment changes bypass established controls working to ensure production assets maintain a hardened security state
- Code Modification and Updates: Review policy and GCP IAM changes aligned with remediation efforts by creating and submitting code change requests (CLs) or pull requests (PR) in version control systems
- Security Consultations: Triage support questions from engineers and GCP project owners regarding group management, GCP IAM access management, Security Org Policies and infrastructure misconfigurations. Guide customers through workflows or answer and resolve configuration issues and questions
- Inventory Management: Identify, assign, and update asset ownership and inventory records in relevant systems to ensure inventory and clear accountability of resources
- Bug and Vulnerability Triage: Review and triage bugs and vulnerabilities, routing them to appropriate teams, and conduct regular reviews to ensure proper remediation actions are performed
- Documentation: Create or update workflows, playbooks, and FAQs as needed to prevent or reduce the need for future consultations for repeat issues
Requirements:
- 5+ years of hands-on experience with security hardening of cloud-based infrastructure
- IAM Expertise: Expertise in configuring GCP IAM policies, roles (especially custom roles), and Service Accounts to enforce the Principle of Least Privilege (PoLP)
- Infrastructure-as-Code & Version Control: Family with Infrastructure-as-Code (IaC) tooling, combined with experience with Git version control systems for submitting and reviewing Code Change Requests (CLs/PRs)
- Security Assessment: Skill in technically assessing existing permissions and service configurations to identify, target, and reduce overly permissive or ambient administrative access
- GCP Ecosystem Knowledge: Familiarity with GCP's Resource Hierarchy and related security controls, such as Organization Policies, IAM Permission & IAM Roles
- Security Policy Translation: Ability to translate high-level security requirements and remediation efforts into specific, technical IAM and security control changes on GCP
- Availability: A minimum 4-hour daily working overlap with US Pacific Time (PST/PDT) between 8:00 AM and 4:00 PM PT is required
- Extended Availability: Additional overlap with Israel Time (IST/IDT) is highly desirable
- Project Management Familiarity: Ability to assist in ensuring clearly defined plans are executed and regular progress is aligned to project KPIs