GCP Cloud Security Engineer
DATA PULSE TECH AI LLC
RemoteRemoteUp to $160 an hourContract
Job Description
*Job Summary*
We are seeking a GCP Cloud Security Engineer to join an accelerated 3-month engagement delivering a production-ready Google Cloud Landing Zone for the Internal Revenue Service (IRS). You will be the security backbone of this deployment, responsible for designing and implementing IAM governance, Organization Policy Constraints, Cloud KMS encryption, VPC Service Controls, and Security Command Center configurations across Dev, Staging, and Production environments.
*Key Responsibilities*
* Design and implement Cloud Identity groups and IAM role bindings at Organization, Folder, and Project levels following least-privilege principles
* Configure Workload Identity Federation to eliminate service account key usage
* Define and enforce Organization Policy Constraints (e.g., skipDefaultNetworkCreation, disableServiceAccountKeyCreation, vmExternalIpAccess, resourceLocations)
* Provision Cloud KMS Key Rings and Crypto Keys with CMEK for Storage, BigQuery, and Compute Engine
* Implement VPC Service Controls perimeters for Production data exfiltration prevention
* Configure Security Command Center (SCC) for continuous threat detection and vulnerability management
* Set up centralized Cloud Audit Logs (Admin Activity, Data Access, System Event, Policy Denied)
* Conduct Landing Zone security audit against Google Cloud Well-Architected Framework benchmarks
* Develop and deliver the IAM Roles & Permissions Matrix and Compliance Validation Report
*Required Qualifications*
* Active IRS clearance (MBI or equivalent) — required for immediate onboarding
* Google Cloud Professional Cloud Security Engineer certification
* 5+ years of hands-on experience with GCP IAM, Organization Policies, and Cloud KMS
* Deep expertise with VPC Service Controls, Security Command Center, and Cloud Audit Logs
* Strong understanding of federal security compliance frameworks (NIST 800-53, FedRAMP concepts)
* Experience with Terraform IaC for security resource provisioning
* Familiarity with Google Enterprise Foundations Blueprint and Landing Zone architecture
*Preferred Qualifications*
* Google Cloud Professional Cloud Architect certification
* Prior experience delivering GCP Landing Zones for federal civilian agencies
* Experience with policy-as-code tools (OPA/Gatekeeper, Terraform Sentinel, Config Validator)
* Background in IRS or Treasury Department IT environments
*Engagement Details*
* *Duration: *3 months (approximately 12 weeks)
* *Estimated Hours: *400 hours (~40 hrs/week)
* *Start Date: *Immediate upon clearance verification
* *Engagement Type: *1099 Contract / Hourly
* *Work Authorization: *Must be authorized to work in the United States
Job Type: Contract
Pay: Up to $160.00 per hour
Expected hours: 40 per week
Application Question(s):
* This role requires an active IRS clearance for immediate onboarding. Do you have a current or recently active (within the past 12 months) IRS background investigation clearance? Please indicate your clearance type, status, and approximate expiration or last active date.
License/Certification:
* Google Cloud Professional Certification (Required)
Work Location: Remote
We are seeking a GCP Cloud Security Engineer to join an accelerated 3-month engagement delivering a production-ready Google Cloud Landing Zone for the Internal Revenue Service (IRS). You will be the security backbone of this deployment, responsible for designing and implementing IAM governance, Organization Policy Constraints, Cloud KMS encryption, VPC Service Controls, and Security Command Center configurations across Dev, Staging, and Production environments.
*Key Responsibilities*
* Design and implement Cloud Identity groups and IAM role bindings at Organization, Folder, and Project levels following least-privilege principles
* Configure Workload Identity Federation to eliminate service account key usage
* Define and enforce Organization Policy Constraints (e.g., skipDefaultNetworkCreation, disableServiceAccountKeyCreation, vmExternalIpAccess, resourceLocations)
* Provision Cloud KMS Key Rings and Crypto Keys with CMEK for Storage, BigQuery, and Compute Engine
* Implement VPC Service Controls perimeters for Production data exfiltration prevention
* Configure Security Command Center (SCC) for continuous threat detection and vulnerability management
* Set up centralized Cloud Audit Logs (Admin Activity, Data Access, System Event, Policy Denied)
* Conduct Landing Zone security audit against Google Cloud Well-Architected Framework benchmarks
* Develop and deliver the IAM Roles & Permissions Matrix and Compliance Validation Report
*Required Qualifications*
* Active IRS clearance (MBI or equivalent) — required for immediate onboarding
* Google Cloud Professional Cloud Security Engineer certification
* 5+ years of hands-on experience with GCP IAM, Organization Policies, and Cloud KMS
* Deep expertise with VPC Service Controls, Security Command Center, and Cloud Audit Logs
* Strong understanding of federal security compliance frameworks (NIST 800-53, FedRAMP concepts)
* Experience with Terraform IaC for security resource provisioning
* Familiarity with Google Enterprise Foundations Blueprint and Landing Zone architecture
*Preferred Qualifications*
* Google Cloud Professional Cloud Architect certification
* Prior experience delivering GCP Landing Zones for federal civilian agencies
* Experience with policy-as-code tools (OPA/Gatekeeper, Terraform Sentinel, Config Validator)
* Background in IRS or Treasury Department IT environments
*Engagement Details*
* *Duration: *3 months (approximately 12 weeks)
* *Estimated Hours: *400 hours (~40 hrs/week)
* *Start Date: *Immediate upon clearance verification
* *Engagement Type: *1099 Contract / Hourly
* *Work Authorization: *Must be authorized to work in the United States
Job Type: Contract
Pay: Up to $160.00 per hour
Expected hours: 40 per week
Application Question(s):
* This role requires an active IRS clearance for immediate onboarding. Do you have a current or recently active (within the past 12 months) IRS background investigation clearance? Please indicate your clearance type, status, and approximate expiration or last active date.
License/Certification:
* Google Cloud Professional Certification (Required)
Work Location: Remote