Sr. Cloud Engineer I – Google Workspace/GCP

Sr. Cloud Engineer I – Google Workspace/GCP

Requirements

• An Active Secret Security clearance with the ability to obtain a Top Secret
• Ability to be onsite 5 days a week in Washington, DC.
• 5+ years of experience in cybersecurity engineering, cloud security, or IT security, with a focus on Google Workspace (G Suite), AWS or Azure.
• Strong expertise in Google Admin Console, Security Center, Google Vault, and Cloud Identity, AWS Management Console, or Azure Portal.
• Hands-on experience with Google Workspace API security, OAuth, and API integrations, AWS IAM, or Azure Active Directory.
• Proven experience in managing cloud security platforms, particularly Google Workspace and Netskope, AWS or Azure.
• Proficiency in DLP, Zero Trust architectures, IAM (Google Cloud Identity, AWS IAM, or Azure AD), and email security (DKIM, SPF, DMARC).
• Familiarity with SIEM/SOAR platforms, threat detection, and security logging within Google environments, AWS, or Azure.
• In-depth knowledge of cloud-based systems, integrations, and risk management processes across Google Workspace, AWS, or Azure.
• Strong understanding of federal security frameworks such as NIST 800-53, FedRAMP, FISMA, and DISA STIGs.
• Experience working in an on-prem and hybrid cloud security environment.
• Familiarity with incident response procedures and security incident escalation.
• Strong communication skills, including the ability to explain complex technical concepts to non-technical stakeholders.
• Ability to work independently and manage multiple tasks in a dynamic, fast-paced environment.
• Experience with continuous monitoring, security compliance, and risk analysis frameworks.
• Strong understanding of governance and policy creation for cloud systems.
• Familiarity with compliance requirements and regulatory standards for cloud environments.
• Experience in testing and evaluating technology to ensure optimal performance and security.
• Previous experience working closely with product owners, system owners, and security teams.

Responsibilities

• Oversee and manage the configuration of multiple tenants in the Department-owned FAN (Google Workspace) and Netskope products, ensuring seamless operation and security compliance across all environments.
• Assist in integrating Netskope with additional cloud systems or applications as required by system owners, ensuring proper functionality and security alignment.
• Conduct risk assessments for apps, scripts, and extensions submitted via a request process. Ensure risk analysis follows the process outlined in the Initial Netskope Integration Change Request.
• Provide daily support for reviewing and resolving Netskope-related incidents. Investigate, escalate issues as necessary, and report through the documented incident response procedures.
• Provide ongoing guidance and governance for the Google Workspace system, ensuring security best practices and compliance are upheld.
• Oversee continuous monitoring activities in accordance with the compliance dashboard. Make recommendations and take follow-up actions to mitigate previously unknown security gaps.
• Brief the ISSO quarterly on continuous monitoring artifacts, highlighting any findings, recommendations, or required actions.
• Actively participate in Google Workspace and Netskope meetings to stay informed of updates and collaborate with cross-functional teams.
• Review and approve change requests, ensuring that changes align with organizational policies and security standards.
• Work closely with the Google Workspace product owner, system owner, and ISSO to resolve issues, remove impediments, and provide security recommendations for cloud-based systems.
• Test new capabilities, configurations, and services to ensure that technology is properly understood. Provide recommendations for policy, governance, and solutions based on testing outcomes.
• Address and respond to user questions and concerns in a timely manner, particularly those related to cloud security policies, such as external sharing policies.
• While primarily cloud-based, there may be a future need to extend responsibilities to device management as the systems evolve.

Preferred Qualifications

No preferred qualifications provided.