DevSecOps Engineer


Job Description: We're on the lookout for a proficient and experienced DevSecOps Engineer with specialized expertise in Google Cloud Platform (GCP) to join our dynamic team. As a pivotal member, you'll be instrumental in ensuring the security and integrity of our software development processes on GCP. Your mastery of GCP, Rego policies, and Terraform will play a crucial role in constructing a secure and efficient development pipeline.


  • Develop, implement, and maintain Rego policies to enforce security controls and compliance standards within our GCP infrastructure and applications.
  • Collaborate with development and operations teams to integrate security into the GCP-focused CI/CD pipeline, automating security checks and scans for seamless incorporation.
  • Utilize your GCP expertise to architect and deploy secure microservices and containerized applications, ensuring compliance with GCP security best practices.
  • Design and implement infrastructure-as-code (IaC) using Terraform to define and manage GCP resources securely and efficiently.
  • Conduct thorough security assessments on GCP environments, leveraging GCP-specific security tools and technologies to identify and mitigate potential vulnerabilities.
  • Perform threat modeling and risk assessments for GCP deployments, crafting tailored security solutions for GCP services.
  • Collaborate with cross-functional teams to promptly respond to GCP-specific security incidents, conduct root cause analysis, and implement corrective actions.
  • Stay abreast of GCP advancements, industry security trends, and best practices, sharing insights and knowledge with team members.
  • Foster a culture of security awareness specific to GCP environments, integrating security considerations throughout the development process.


  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • Demonstrated experience as a DevSecOps Engineer with a strong emphasis on GCP.
  • Proficiency in Rego policies and policy-as-code practices, particularly with implementation in GCP (essential).
  • Deep understanding of GCP services, security controls, and best practices.
  • Experience using GCP-specific security tools, vulnerability scanners, and penetration testing tools.
  • Familiarity with Wiz and its integration for continuous security monitoring in GCP environments.
  • Strong background in infrastructure-as-code (IaC) using Terraform for provisioning and managing GCP resources.
  • Knowledge of CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI/CD) with GCP integrations.
  • Solid grasp of GCP security frameworks, standards, and compliance requirements.
  • Understanding of container security in GCP and experience securing microservices.
  • Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams.
  • Relevant GCP certifications such as Google Professional DevOps Engineer, Google Professional Cloud Security Engineer, or similar certifications are highly advantageous.