Site Reliability Engineer (Google Cloud Platf

United States of America

Full Time

3 hours ago

No H1B

Key skills

Google Cloud Platform (GCP)Site Reliability Engineering (SRE)GCP Landing ZonesGCP Network ArchitectureShared VPCHub-and-Spoke TopologyVPC Service ControlsAccess Context ManagerPrivate Google AccessPrivate Service ConnectCloud NGFWCloud ArmorLoad BalancingDNSNATVPNInterconnectIAMCustom RolesIAM ConditionsDeny PoliciesService-Account HygieneWorkload Identity FederationPrivileged Access ManagerAccess ApprovalAccess TransparencyBeyondCorp EnterpriseIAPCloud KMSCloud HSMCMEKCloud EKMChronicleGoogle Security OperationsSecurity Command CenterYARA-LThreat IntelligenceSOAR PlaybooksTelemetry PipelinesMDR/SOC WorkflowsCloud Audit LogsLog AggregationRetention PoliciesBigQueryCloud MonitoringCloud LoggingDashboardsUptime ChecksSLIs/SLOsAlertingIncident ResponseBlameless PostmortemsCloud DLPHardened GKE EnvironmentsWorkload IdentityShielded NodesConfidential NodesNetwork PolicyGKE Policy ControllerBinary AuthorizationArtifact RegistryTerraformInfrastructure ManagerCloud Foundation ToolkitPolicy-as-CodeCI/CD PipelinesCloud BuildCloud DeployPythonGoBashNIST SP 800-53NIST SP 800-171FedRAMPCMMCRMFAudit DocumentationU.S. Government Secret Security ClearanceGCPGoogle CloudGKECI/CDCommunicationCloud Security

About this role

Quzara LLC is a company focused on providing secure cloud solutions, and they are seeking a Site Reliability Engineer specialized in Google Cloud Platform. The role involves designing, operating, and securing GCP environments while ensuring compliance with federal regulations and automating infrastructure to enhance reliability and security.

Responsibilities:

Design, build, and operate secure GCP cloud foundations and landing zones for federal and regulated environments, including organization hierarchy, policy guardrails, Assured Workloads, and Cloud Foundation Toolkit-based deployment patterns
Engineer and maintain secure GCP network architectures, including Shared VPC, hub-and-spoke topology, VPC Service Controls, Access Context Manager, Private Google Access, Private Service Connect, Cloud NGFW, Cloud Armor, load balancing, DNS, NAT, VPN, and Interconnect under least-exposure principles
Implement and administer identity, access, privileged access, and encryption controls, including least-privilege IAM, custom roles, IAM Conditions, deny policies, service-account hygiene, Workload Identity Federation, Privileged Access Manager, Access Approval, Access Transparency, BeyondCorp Enterprise, IAP, Cloud KMS, Cloud HSM, CMEK, and Cloud EKM
Develop and operate security monitoring, threat detection, and response capabilities using Chronicle/Google Security Operations, Security Command Center, curated detections, YARA-L, threat intelligence, SOAR playbooks, telemetry pipelines, and integration with MDR/SOC workflows
Build and maintain logging, audit, observability, and reliability capabilities using Cloud Audit Logs, aggregated log sinks, retention policies, BigQuery/Chronicle exports, Cloud Monitoring, Cloud Logging, dashboards, uptime checks, SLIs/SLOs, alerting, on-call operations, incident response, and blameless postmortems
Secure and operate cloud workloads and platforms, including Sensitive Data Protection/Cloud DLP for CUI discovery and de-identification, hardened GKE environments, Workload Identity, Shielded/Confidential nodes, network policy, GKE Policy Controller, Binary Authorization, and secure Artifact Registry image promotion
Automate infrastructure, security, compliance, and reliability operations using Terraform, Infrastructure Manager, Cloud Foundation Toolkit, policy-as-code, secure CI/CD pipelines, Cloud Build, Cloud Deploy, and scripting in Python, Go, or Bash to reduce manual work and operational toil
Translate federal security and compliance requirements into GCP configurations and audit-ready evidence, including NIST SP 800-53, NIST SP 800-171, FedRAMP, CMMC, control inheritance, customer responsibility matrices, RMF/FedRAMP authorization support, and assessor/AO documentation
Partner directly with customers and internal stakeholders to communicate technical requirements, operational risks, compliance expectations, and implementation status to both technical and non-technical audiences
Other duties as assigned

Requirements:

Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Computer Engineering, or a related field
5+ years of hands-on cloud engineering, site reliability engineering (SRE), or cloud security experience, including 3+ years building and operating production Google Cloud Platform (GCP) environments
Demonstrated experience designing and operating GCP landing zones / cloud foundations, network segmentation, and VPC Service Controls
Hands-on experience with Chronicle (Google Security Operations) and Security Command Center
Strong knowledge of GCP IAM, encryption / CMEK (Cloud KMS), and Assured Workloads for regulated environments
Experience operating production systems with an SRE mindset — observability (Cloud Monitoring / Cloud Logging), SLOs, on-call, and incident response
Working knowledge of at least one federal control framework (NIST SP 800-53, NIST SP 800-171, FedRAMP, or CMMC)
Proficiency building infrastructure as code with Terraform (Infrastructure Manager / Cloud Foundation Toolkit) and at least one scripting language (Python, Go, or Bash)
Proven ability to produce audit-ready documentation and translate technical configurations into compliance evidence
Strong written and verbal communication skills with the ability to clearly convey complex information
Demonstrated ability to manage multiple projects and deadlines with strong organizational skills
Must be a U.S. Citizen and hold an active U.S. government Secret (or higher) security clearance
Google Professional Cloud Security Engineer
Google Professional Cloud DevOps Engineer or Professional Cloud Network Engineer
Google Professional Cloud Architect
CISSP, CCSP, or similar cybersecurity certification
FedRAMP, RMF, or CMMC-related training or certifications are a plus