Location: Bengaluru, India (Hybrid/Onsite Preferred)
Duration: Contract (Initial 6 Months, Extension Possible)
We are looking for an experienced Senior Security Engineer with strong expertise in Google Cloud Platform (GCP), Threat Modelling, and Security by Design to support the security of critical enterprise applications and cloud platforms.
The ideal consultant will work closely with product, engineering, and architecture teams to embed security throughout the software development lifecycle while also contributing to AI-driven automation initiatives that improve internal security operations and governance.
- Lead threat modelling activities across cloud-native applications, services, and enterprise platforms.
- Embed Security & Privacy by Design (SPbD) principles into the design and development lifecycle for 20–30 business-critical systems.
- Provide expert guidance on securing Google Cloud Platform (GCP) environments, including:
- IAM & Identity Management
- VPC Security
- Cloud Armor
- Security Command Center
- Cloud KMS
- GKE Security
- Serverless Security
- Data Protection
- Review solution architectures and recommend secure design patterns aligned with enterprise security standards.
- Partner with engineering teams to implement foundational security controls including:
- Multi-Factor Authentication (MFA)
- Least Privilege Access
- Encryption
- Vulnerability Management
- Logging & Monitoring
- Support security automation initiatives, including:
- Policy as Code
- Open Policy Agent (OPA)
- Controls as Code
- AI-driven security process automation
- Perform security assessments, identify risks and vulnerabilities, and provide practical remediation recommendations.
- Facilitate security workshops, architecture reviews, and secure development coaching.
- Build strong relationships with engineering, architecture, and product teams to drive security adoption.
- Mentor engineers and promote security awareness across development teams.
- Bachelor’s degree in Computer Science, Information Security, Cyber Security, or equivalent practical experience.
- 6–8 years of hands-on experience in Cloud Security.
- Strong expertise securing Google Cloud Platform (GCP) environments.
- Proven experience with:
- Google Cloud IAM
- VPC Service Controls
- Cloud Armor
- Security Command Center
- Cloud Key Management Service (KMS)
- Google Kubernetes Engine (GKE)
- Container Security
- Serverless Security
- Strong experience conducting Threat Modelling and Security Risk Assessments.
- Experience implementing Security by Design, Privacy by Design, and DevSecOps practices.
- Knowledge of cloud attack vectors, security architectures, and defense-in-depth strategies.
- Experience with security automation, Infrastructure as Code (IaC), and Policy as Code (OPA preferred).
- Familiarity with vulnerability management, logging, monitoring, access control, and data protection best practices.
- Excellent communication and stakeholder management skills.
- Comfortable working in Agile product teams.
One or more of the following certifications are highly desirable:
- CISSP
- CISM
- OSCP
- Google Professional Cloud Security Engineer
- Other recognised Cyber Security certifications
- Experience building AI-powered security automation solutions.
- Experience with Kubernetes and container security.
- Knowledge of Zero Trust Architecture.
- Experience in large-scale enterprise cloud transformation programmes.
- Exposure to regulatory and compliance frameworks.