Cloud Security Engineer/Consultant

Location: Warsaw (PL)

Experience Level: Senior

Description

The product we are working on is one of TOP-3 navigation systems, complex web-services and other solutions related to it. The web and mobile apps handle information at massive scale and extend well beyond the search giving people and companies a lot of new useful options.

This role is dedicated to executing high-impact security remediation and risk reduction initiatives within the Google Cloud Platform (GCP) environment. The primary objective is to resolve legacy security technical debt resulting from manual infrastructure configurations and overly permissive Identity and Access Management (IAM) controls. In this role you will drive the strategic reduction of ambient GCP access privileges across hundreds of projects improving security controls to improve overall security posture.

Responsibilities

• Execute Remediation: Actively drive security remediation efforts to address over-privileged access permissions and address infrastructure misconfigurations. Specific duties include:
• Collaborating with Security and Software Engineering (SWE) teams to review and implement changes to permissions, group and service configurations.
• Review, recommend, and execute changes that enforce least privilege access models, specifically targeting and reducing ambient administrative access patterns.
• Guide teams in addressing security policy drift where manual environment changes bypass established controls working to ensure production assets maintain a hardened security state.
• Code Modification and Updates: Review policy and GCP IAM changes aligned with remediation efforts by creating and submitting code change requests (CLs) or pull requests (PR) in version control systems.
• Security Consultations: Triage support questions from engineers and GCP project owners regarding group management, GCP IAM access management, Security Org Policies and infrastructure misconfigurations. Guide customers through workflows or answer and resolve configuration issues and questions..
• Inventory Management: Identify, assign, and update asset ownership and inventory records in relevant systems to ensure inventory and clear accountability of resources.
• Bug and Vulnerability Triage: Review and triage bugs and vulnerabilities, routing them to appropriate teams, and conduct regular reviews to ensure proper remediation actions are performed.
• Documentation: Create or update workflows, playbooks, and FAQs as needed to prevent or reduce the need for future consultations for repeat issues.

Requirements

• 5+ years of hands-on experience with security hardening of cloud-based infrastructure
• IAM Expertise: Expertise in configuring GCP IAM policies, roles (especially custom roles), and Service Accounts to enforce the Principle of Least Privilege (PoLP).
• Infrastructure-as-Code & Version Control: Family with Infrastructure-as-Code (IaC) tooling, combined with experience with Git version control systems for submitting and reviewing Code Change Requests (CLs/PRs).
• Security Assessment: Skill in technically assessing existing permissions and service configurations to identify, target, and reduce overly permissive or ambient administrative access.
• GCP Ecosystem Knowledge: Familiarity with GCP's Resource Hierarchy and related security controls, such as Organization Policies, IAM Permission & IAM Roles.
• Security Policy Translation: Ability to translate high-level security requirements and remediation efforts into specific, technical IAM and security control changes on GCP.
• Availability: A minimum 4-hour daily working overlap with US Pacific Time (PST/PDT) between 8:00 AM and 4:00 PM PT is required.

Nice-to-have requirements

• Extended Availability: Additional overlap with Israel Time (IST/IDT) is highly desirable.
• Project Management Familiarity: Ability to assist in ensuring clearly defined plans are executed and regular progress is aligned to project KPIs.

We offer

• Opportunities to develop in various areas
• Compensation package (20 paid vacation days, paid sick leaves)
• Flexible working hours
• Paid tech training and other activities for professional growth

If your qualifications and experience match the requirements of the position, our recruitment team will reach out to you in a week maximum. Please rest assured that we carefully consider each candidate, but due to the amount of applications the review and further processing of your candidacy may take some time.