Cloud Security Engineer (GCP)
Job Description
The Cloud Security Engineer role is an entry-level position that will provide hands-on support to our cloud engineering team. This position will be a technical anchor for our GCP security and compliance automation efforts. This is a hands-on, action-oriented role, where you will actively triage and remediate prioritized vulnerabilities across our infrastructure.
About Us
We are a high-growth secure VDI (Virtual Desktop Infrastructure) provider built on the Kasm Workspaces platform. Our primary mission is to provide secure, cost-effective VDI solutions for organizations seeking CMMC (Cybersecurity Maturity Model Certification) compliance.
Our solution is a fraction of the cost of traditional Microsoft-based VDI solutions, and we are scaling exponentially. As a result, we are expanding our cloud engineering team so that we can continue to meet federal compliance requirements and serve our clients with the best possible solution.
Key Responsibilities
- Build self-service, automated security guardrails that enable teams to move fast safely.
- CVE Remediation: Drive resolution of vulnerabilities identified through vulnerability scanning tools, working closely with engineering team members and providing clear, actionable fix guidance and/or actioning fix requests yourself through pull requests.
- Architect: Design and develop solutions that embed security into our infrastructure from build to runtime, turning compliance requirements into code and manual checks into automated pipelines.
- Manage Google Security Command Center: Configure and tune Web Security Scanner, Vulnerability Scanning, and Threat Detection. Aggregate, prioritize, and track findings; either provide clear remediation guidance to engineering teams or submit pull requests with fixes directly.
- Automate Compliance Baselines: Develop and maintain Infrastructure as Code (Terraform/Terragrunt, Ansible, Packer) that enforces STIGs, CISA guidelines, and internal security standards for VMs, containers, and cloud resources.
- Build Container Security Gates: Design and implement automated compliance validation for Docker images using Trivy and custom policies. Create CI/CD (GitHub Actions) enforcement that prevents non-compliant images from reaching production.
- Shift Security Left: Work with engineering leadership to embed security scanning and validation into developer workflows, making secure defaults the easy path.
- Relationship Management: Build and maintain strong, long-term relationships with our partners in the Compliance department, acting as a consistent point of contact and trusted advisor on compliance-related issues.
Required Skills & Experience (Non-Negotiable)
- U.S. Citizenship: Must be a U.S. citizen located within the United States.
- Technical Expertise: 3+ years securing GCP environments with hands-on experience in Security Command Center and cloud-native controls.
- Automation-First Mindset: Proven ability to code security solutions, with proficiency in Bash, Go, and Python. You treat infrastructure and compliance as software problems.
- IaC Proficiency: Strong experience with Terraform/Terragrunt and Ansible for secure, repeatable infrastructure deployment.
- Container Security: Deep understanding of Docker image security, scanning tools (Trivy), and implementing image admission policies.
- CI/CD Integration: Experience building security automation into GitHub Actions or similar pipelines.
- Compliance Knowledge: Familiarity with STIGs, CIS benchmarks, or CISA hardening guides and how to codify them.
Preferred/Bonus Skills
- Packer experience for building hardened machine images
- Prior DevSecOps or platform engineering roles
- Contributions to security or infrastructure open-source projects
Role Details
- Type: W-2 Full Time
- Location: 100% Remote (within the United States)