1. Secure, Reliable, and Scalable IAM/PAM Implementation in GCP: You will contribute to the design and implementation of secure, reliable, and scalable GCP IAM/PAM policies and structures, rigorously applying the principle of least privilege across our GCP footprint (Organizations, Folders, Projects). This includes implementing and refining secure patterns for managing GCP IAM/PAM roles, service accounts, and their credentials, leveraging modern GCP security features like Workload Identity Federation and Access Context Manager, while also considering the availability and performance impact. You will conduct technical security and reliability reviews of proposed GCP architectures to identify and mitigate potential identity and access-related risks and single points of failure early in the lifecycle.

2. Implementing and Managing PAM Solutions with Reliability in Mind (Across Hybrid Environments): You will implement and maintain solutions for managing privileged accounts and secrets across our environment, with a focus on assets within or interacting with GCP, Entra/Intune. This includes leveraging GCP-native services like Secret Manager where appropriate and understanding how to integrate with or manage credentials stored within other enterprise PAM tools. You will define and enforce security policies around privileged session management, monitoring, and auditing, considering the operational stability and capabilities of the various PAM tools in use.

3. Automated Security Enforcement & Operational Excellence (DevSecOps & SRE Integration): You will embed automated security and operational checks, including validation for IAM/PAM configurations, directly into our CI/CD pipelines using Infrastructure as Code (IaC) tools like Terraform for GCP resources, to prevent insecure or unstable deployments. You will automate security-critical tasks such as credential rotation, access reviews, and compliance checks programmatically, championing "Security as Code" and "Operations as Code" across the GCP environment and potential integrations with other systems. You will utilize APIs to develop solutions, collect identity-related data, and automate security and operational tasks in a hybrid environment.

4. Observability, Monitoring, Threat Detection, and Incident Response: You will implement and maintain observability solutions (metrics, logs, traces) and configure relevant logging sources (including security and PAM logs) to gain deep insights into system behavior, performance, and security events. You will utilize detection and monitoring tools (like Dynatrace or similar platforms) to analyze system health, performance, and availability, proactively detect suspicious or malicious activity, and develop/maintain security, performance, and availability alerts, dashboards, and reporting. With our team being global, you will provide support and be a key participant in the investigation of, response to, and resolution of security and reliability incidents, applying SRE practices and focusing on minimizing Mean Time To Detect (MTTD) and Mean Time To Recover (MTTR).

5. You will contribute to the overall cloud security and reliability strategy, specifically focusing on evolving our IAM and PAM posture in GCP to address emerging threats, business needs, and operational requirements. You will ensure that our IAM/PAM configurations and practices meet internal security standards, reliability targets (SLOs/SLIs), and external compliance requirements (e.g., SOC 2, ISO 27001), assisting in providing necessary audit evidence from relevant systems. You will research and evaluate new security and reliability technologies and approaches in the IAM/PAM space, understanding how different solutions compare and could potentially integrate or complement our existing setup.

6. You will share your security and reliability expertise for the ePAM platform, providing guidance and best practices to engineering, operations, and other teams. This includes helping teams understand secure credential handling, secure application interaction with GCP services, the importance of least privilege, and how these practices impact system reliability and performance across the different tools and platforms in use. You will collaborate closely with other security teams, SRE teams, and platform owners to support a cohesive security and reliability strategy across potentially disparate systems.

7. System Health, Security Maintenance, and Improvement: You will maintain the security health, operational health, and performance of our PAM Platform infrastructure and tools, primarily focused on GCP but understanding the health of integrated or related systems. You will stay current with the latest GCP security features, evolving security best practices, and advancements in cloud reliability patterns and SRE practices relevant to identity and access management. You'll also keep abreast of developments in major enterprise PAM approaches and solutions generally. You will continuously seek opportunities to improve our security posture and system reliability across the relevant systems.

8. Documentation: You will create and maintain high-quality documentation, including security standards, risk assessments, architecture diagrams for access controls (detailing how different systems connect), system runbooks, operational procedures, and monitoring configurations for GCP and integrated PAM flows.

- Bachelor's degree in Computer Science, Information Technology OR a combination of education and experience
- 5+ years of IT experience
- 3+ years of Enterprise Google Cloud engineering experience
- 2+ years of IT DevOps experience
- Strong written and verbal communication skills with a high degree of attention to detail.
- Proven ability to independently identify, analyze, and solve complex technical and operational problems with minimal oversight.
- Ability to quickly learn new technologies and share knowledge with others.
- Demonstrable ability to work effectively within a globally dispersed team environment.
- Proven track record of developing and documenting requirements and technical solutions.
- Solid understanding and practical application of Site Reliability Engineering (SRE) principles and practices (SLOs/SLIs, toil reduction, incident response).
- Experience with CI/CD pipeline development and integration, including Infrastructure as Code (IaC) tools like Terraform.
- Strong understanding and practical experience with GCP Identity and Access Management (IAM) concepts (roles, policies, service accounts, conditions, security best practices) and leveraging related security services (Workload Identity Federation, Access Context Manager, Secret Manager, Cloud Audit Logs) relevant to PAM.
- Hands-on experience with core GCP platform components such as Cloud Resource Hierarchy, Cloud Run, Cloud Tasks, and Cloud Scheduler.
- Experience with containerization (Docker) and orchestration (e.g., Kubernetes/GKE).
- Understanding of common authentication and authorization protocols (e.g., OAuth, OIDC, SAML, LDAP).
- Familiarity with GCP policy enforcement mechanisms (e.g., Organization Policies, VPC Service Controls).
- Experience with scripting and programming languages (e.g., Python, Golang, Bash, PowerShell) and utilizing APIs (potentially including Microsoft Graph API) for automation, data collection, and solution development in hybrid environments.
- Experience managing codebases and projects in GitHub.
- Experience with relevant detection and monitoring tools for system health, performance, and security, including GCP native logging/monitoring (Cloud Monitoring, Cloud Audit Logs) and APM/Observability platforms (like Dynatrace or similar).
- Strong understanding of core security principles (least privilege, defense-in-depth, Zero Trust).
- Experience with Agile development concepts and tools such as JIRA.
- Understanding of Enterprise security domains, with a strong emphasis on Cloud Security.
- Familiarity with other enterprise Privileged Access Management (PAM) tools, including understanding or experience with Microsoft Entra Privileged Access Management and BeyondTrust Password Safe.
- Experience with Perl programming/scripting.
- Familiarity with security risk assessment methodologies and compliance frameworks (e.g., SOC 2, ISO 27001) relevant to identity and access scenarios.