Google
Security Engineer, Google Distributed Cloud Air-Gapped Compliance
Found: Today
Security Engineer, Google Distributed Cloud Air-Gapped Compliance
About the job
Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities.
In this role, you will ensure Google Distributed Cloud air-gapped (GDCag) meets compliance requirements for Public Sector, Defense Industry, Critical National Infrastructure, and Financial Sector customers by establishing governance frameworks aligned with NIST SP 800-53-FedRAMP and other standards for continuous compliance. You will leverage integrated cloud services, machine learning technologies, and Kubernetes API-based ecosystems with flexible hardware options. You will require specialized knowledge of GDC air-gapped security protocols, architecture, security regulations, compliance controls, system-level designs, and certification audits across commercial, U.S. government, foreign governments, and ISO standards, with the ability to craft narratives communicating these concepts effectively.
Minimum qualifications:
- Bachelor's degree or equivalent practical experience.
- 8 years of experience with security assessments or security design reviews or threat modeling.
- 8 years of coding experience in one or more general purpose languages.
- 3 years of experience leading teams in a technical capacity or leading technical risk analysis in an enterprise environment.
- Experience with global compliance frameworks and accreditation (e.g., FedRamp High, ISO 27001, NIST 800-53, AU-ISM, etc.).
Preferred qualifications:
- Experience leveraging strong technical skills in a customer-facing and strategic capacity.
Responsibilities
- Review and provide inputs about requirements across relevant regulatory frameworks and technical standards and determine their applicability to GDC air-gapped.
- Conduct implementation reviews and report on their findings.
- Conduct risk assessments, identify opportunities for compliance process improvements, and lead engineering projects to implement solutions for monitoring, audit tooling, reporting, alerting, and evidence generation/collection.
- Oversee engineering projects from a technical compliance perspective, collaborate with engineering teams on security and compliance improvements, and advise on compliant and secure implementation options during design reviews.
- Participate in compliance meetings, contribute subject matter expertise for decision-making and certification audits, support security assessments, develop an understanding of various compliance regimes (commercial, U.S. government, foreign governments, ISO), and assist with incident and vulnerability response.