We are looking for a Google Cloud Platform (GCP) Subject Matter Expert (SME) to lead the design, security, and delivery of enterprise Google Cloud environments — including secure landing zones, network connectivity, identity, and detective controls — for clients extending or migrating workloads onto GCP. The ideal candidate is GCP certified with deep, hands-on expertise across GCP architecture, networking, security and hardening, identity federation, and DevSecOps, and is comfortable mapping controls between Microsoft Azure and GCP so that a new Google Cloud estate matches an organisation’s existing security posture. The role blends solution architecture, hands-on engineering, and advisory support to internal delivery teams and client Cloud Centres of Excellence.
Responsibilities
- Design secure GCP landing zones and reference architectures, mapping each control to the client’s existing Azure security posture.
- Architect VPC networking, including Shared VPC, hub-and-spoke topology, subnetting, and hierarchical firewall policies.
- Design hybrid and multi-cloud connectivity using HA VPN and Dedicated / Partner Interconnect between GCP, Azure, and on-premises.
- Implement workforce identity federation between Microsoft Entra ID and GCP IAM (OIDC / SAML), including group-to-role mapping and Context-Aware / Conditional Access.
- Harden GCP to CIS benchmarks using Organization Policy Service custom constraints and Security Command Center.
- Integrate detective controls and SIEM: stream Cloud Logging and Security Command Center findings to Splunk (Dataflow Pub/Sub-to-Splunk), and extend Palo Alto (VM-Series / Cloud NGFW, Panorama) into GCP.
- Design privileged access using Privileged Access Manager, IAM Conditions, VPC Service Controls, and integration with CyberArk.
- Build infrastructure-as-code and DevSecOps pipelines with Infrastructure Manager / Terraform, policy-as-code, and Binary Authorization.
- Advise client Cloud Centres of Excellence and internal teams; translate complex architecture into plain language for non-technical and executive stakeholders.
- Produce client-ready architecture diagrams, control mappings, and design documentation.
- Support cost management / FinOps, logging, and monitoring (Cloud Monitoring, New Relic) for GCP workloads.
Requirements
Technical Skills
- GCP certification required: Professional Cloud Architect and/or Professional Cloud Security Engineer (Professional Cloud Network Engineer and Professional Cloud DevOps Engineer strongly preferred).
- Deep hands-on expertise across core GCP services: VPC / Shared VPC, Cloud Interconnect, HA VPN, Cloud DNS, Cloud IAM, Organization Policy Service, Security Command Center, Cloud KMS, Secret Manager, Cloud Logging / Monitoring, Pub/Sub, Cloud Functions, Cloud Run, Firestore, Dataflow.
- Strong network design experience: hub-and-spoke, firewall policies, Private Service Connect, VPC Service Controls.
- Identity and access: Workforce and Workload Identity Federation, OIDC / SAML, IAM Conditions, Context-Aware Access (Access Context Manager), Privileged Access Manager.
- Security tooling: Palo Alto VM-Series / Cloud NGFW and Panorama; CyberArk; Splunk integration (Varonis a plus).
- Infrastructure-as-code and DevSecOps: Terraform / Infrastructure Manager, policy-as-code (Org Policy custom constraints / `gcloud terraform vet`), CI/CD, Binary Authorization.
- Multi-cloud fluency: ability to map controls between Microsoft Azure (Entra ID, Azure Policy, Defender for Cloud, ExpressRoute, Azure Firewall) and their GCP equivalents.
- Familiarity with CIAM platforms (Google Identity Platform / Firebase, SAP CDC / Gigya) a plus.
- Strong understanding of REST APIs, OAuth 2.0 / OpenID Connect, and secure service-to-service integration (e.g., Cloud Functions to API Management).
Soft Skills
- Ability to explain complex cloud architecture in plain language to non-technical and executive audiences.
- Strong analytical, problem-solving, and troubleshooting skills.
- Effective communication and collaboration with cross-functional and client teams (Cyber, Network, DevOps, Cloud COE).
- Comfortable leading workshops and producing client-ready documentation.
Pay: ₹1,700,000.00 - ₹1,800,000.00 per year
Benefits:
- Flexible schedule
- Work from home
Application Question(s):
- Current CTC
- Notice Period
- Did you go through the job description in detail?
Work Location: Remote