Job Title: Site Reliability Engineer (Google Cloud Platform)
Pay Type: SALARIED EXEMPT
Location: Remote
US Citizenship: Required
Summary of Position Role/Responsibilities
The Site Reliability Engineer (Google Cloud Platform) is a hands-on engineering role focused on designing, operating, and securing GCP environments that protect Controlled Unclassified Information (CUI) for federal and regulated customers. This position applies to an SRE approach to build secure landing zones, network and identity controls, encryption, logging, and detection capabilities while using automation-first practices to ensure environments remain reliable, secure, and repeatable. The role owns provisioning, configuration, observability, and incident response for production GCP environments and reduces operational toil by codifying infrastructure rather than relying on manual console work. Success requires deep practical GCP expertise, working knowledge of NIST SP 800-53, NIST SP 800-171, FedRAMP, and CMMC, and the ability to map security requirements to GCP configurations and audit-ready evidence. This position supports federal CUI environments and requires an active U.S. government Secret security clearance.
Essential Functions of the Job
- Design, build, and operate secure GCP cloud foundations and landing zones for federal and regulated environments, including organization hierarchy, policy guardrails, Assured Workloads, and Cloud Foundation Toolkit-based deployment patterns.
- Engineer and maintain secure GCP network architectures, including Shared VPC, hub-and-spoke topology, VPC Service Controls, Access Context Manager, Private Google Access, Private Service Connect, Cloud NGFW, Cloud Armor, load balancing, DNS, NAT, VPN, and Interconnect under least-exposure principles.
- Implement and administer identity, access, privileged access, and encryption controls, including least-privilege IAM, custom roles, IAM Conditions, deny policies, service-account hygiene, Workload Identity Federation, Privileged Access Manager, Access Approval, Access Transparency, BeyondCorp Enterprise, IAP, Cloud KMS, Cloud HSM, CMEK, and Cloud EKM.
- Develop and operate security monitoring, threat detection, and response capabilities using Chronicle/Google Security Operations, Security Command Center, curated detections, YARA-L, threat intelligence, SOAR playbooks, telemetry pipelines, and integration with MDR/SOC workflows.
- Build and maintain logging, audit, observability, and reliability capabilities using Cloud Audit Logs, aggregated log sinks, retention policies, BigQuery/Chronicle exports, Cloud Monitoring, Cloud Logging, dashboards, uptime checks, SLIs/SLOs, alerting, on-call operations, incident response, and blameless postmortems.
- Secure and operate cloud workloads and platforms, including Sensitive Data Protection/Cloud DLP for CUI discovery and de-identification, hardened GKE environments, Workload Identity, Shielded/Confidential nodes, network policy, GKE Policy Controller, Binary Authorization, and secure Artifact Registry image promotion.
- Automate infrastructure, security, compliance, and reliability operations using Terraform, Infrastructure Manager, Cloud Foundation Toolkit, policy-as-code, secure CI/CD pipelines, Cloud Build, Cloud Deploy, and scripting in Python, Go, or Bash to reduce manual work and operational toil.
- Translate federal security and compliance requirements into GCP configurations and audit-ready evidence, including NIST SP 800-53, NIST SP 800-171, FedRAMP, CMMC, control inheritance, customer responsibility matrices, RMF/FedRAMP authorization support, and assessor/AO documentation.
- Partner directly with customers and internal stakeholders to communicate technical requirements, operational risks, compliance expectations, and implementation status to both technical and non-technical audiences.
Marginal Functions of the Job
Normal Work Schedule
This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.
Education, Training, and Experience
- Bachelorβs degree in Computer Science, Cybersecurity, Information Systems, Computer Engineering, or a related field.
- 5+ years of hands-on cloud engineering, site reliability engineering (SRE), or cloud security experience, including 3+ years building and operating production Google Cloud Platform (GCP) environments.
- Demonstrated experience designing and operating GCP landing zones / cloud foundations, network segmentation, and VPC Service Controls.
- Hands-on experience with Chronicle (Google Security Operations) and Security Command Center.
- Strong knowledge of GCP IAM, encryption / CMEK (Cloud KMS), and Assured Workloads for regulated environments.
- Experience operating production systems with an SRE mindset β observability (Cloud Monitoring / Cloud Logging), SLOs, on-call, and incident response.
- Working knowledge of at least one federal control framework (NIST SP 800-53, NIST SP 800-171, FedRAMP, or CMMC).
- Proficiency building infrastructure as code with Terraform (Infrastructure Manager / Cloud Foundation Toolkit) and at least one scripting language (Python, Go, or Bash).
- Proven ability to produce audit-ready documentation and translate technical configurations into compliance evidence.
- Strong written and verbal communication skills with the ability to clearly convey complex information.
- Demonstrated ability to manage multiple projects and deadlines with strong organizational skills.
- Must be a U.S. Citizen and hold an active U.S. government Secret (or higher) security clearance.
Preferred Certifications
- Google Professional Cloud Security Engineer
- Google Professional Cloud DevOps Engineer or Professional Cloud Network Engineer
- Google Professional Cloud Architect
- CISSP, CCSP, or similar cybersecurity certification
- FedRAMP, RMF, or CMMC-related training or certifications are a plus
EEO Statement
The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.
