Security Engineer

Cloudfresh is a Global Google Cloud Premier Partner, Zendesk Premier Partner, Asana Solutions Partner, GitLab Select Partner, Hubspot Platinum Partner, Okta Activate Partner, and Microsoft Partner.

Since 2017, we've been specializing in the implementation, migration, integration, audit, administration, support, and training for top-tier cloud solutions. Our products focus on cutting-edge cloud computing, advanced location and mapping, seamless collaboration from anywhere, unparalleled customer service, and innovative DevSecOps.

We're looking for a Google Cloud Security Engineer to harden client environments across GCP. You'll implement and help design security controls, automate guardrails, improve detection & response, and guide stakeholders through pragmatic, risk-based decisions across EMEA.

• 2+ years proven, hands-on experience in a Security Engineer, SecOps (or similar) role building and operating cloud security controls (GCP).
• Strong knowledge of Google Cloud architecture and native security services: Cloud IAM (least privilege, Conditions), Organization Policies, VPC / Private Service Connect, VPC Service Controls, Cloud Armor (WAF/DDoS), Security Command Center (SCC), Cloud KMS/CMEK/HSM, Secret Manager, IAP/BeyondCorp Enterprise (Context-Aware Access), Cloud Logging/Monitoring and GKE security.
• Technical certifications related to Cloud Solutions are an advantage (Google Professional Cloud Security Engineer, Professional Cloud Architect; CISSP/CCSP/ISO 27001 LI/LA a plus).
• Experience executing changes across multiple clients/verticals in EMEA/CEE with sound change control (CABs), documentation and participation in incident response/on-call.
• Excellent communication and strategic planning abilities, able to explain trade-offs, influence remediation, and drive adoption of guardrails.
• Proficient with engineering – tooling stacks: Terraform, GitHub/GitLab CI, OPA/Conftest / Policy Controller (Config Sync), Cloud Build/Deploy, Artifact Registry; comfortable with HubSpot and Asana for collaboration with account teams when needed.
• Basic scripting experience (e.g., Python, Bash, or gcloud CLI).
• Strong Plus experience with Cloudflare.
• Fluency in English.

• Design, implement, and operate security controls for GCPfor SMB & Enterprise clients across EMEA & CEE.
• Perform security audits for GCP and Google Workspace environments.
• Implement key features: Org Policies, IAM Conditions, break-glass flows, VPC design (private subnets, Cloud NAT), Private Service Connect, VPC Service Controls perimeters, Cloud Armor (WAF/MPA, rate limiting, geo/IP policies), IAP/BeyondCorp with Context-Aware Access, KMS/CMEK/HSM, Secret Manager, Confidential/Shielded VMs, Cloud IDS.
• Configure and monitor Security Command Center, audit logs, and threat protection
• Harden GKE & Workloads: private clusters, Workload Identity, Binary Authorization, Pod Security standards, NetworkPolicy, image scanning/provenance, OS patching via OS Config/VM Manager.
• Automate guardrails: Reusable Terraform modules, gated CI checks (OPA/Conftest/Policy Controller), drift detection and safe automated remediation; codify SCC mute rules and Cloud Armor policies.
• Establish logging, detection & IR: Standardize Cloud Audit Logs and Log Router sinks to CMEK log buckets; integrate to Chronicle SIEM; tune SCC (ETD/CTD/VM TD), build IR runbooks, triage incidents, and continuously improve MTTR.
• Assist clients with implementation of 2FA, DLP, and compliance controls.
• Generate security assessment reports and provide actionable recommendations.
• Collaborate with DevOps and infrastructure teams to fix vulnerabilities.
• Collaborate with ISSM: Work on maintaining ISO 27001 Security standards, performing annual networking tests.
• Continuously assess the landscape: track new GCP features (e.g., Assured Workloads, Confidential Space, reCAPTCHA Enterprise) and update baselines to improve posture, reliability, and cost efficiency.

• Experience with multi-cloud or hybrid environments
• Familiarity with Google Workspace Enterprise security features
• Basic knowledge of SIEM or zero trust architectures

• Competitive Salary & Transparent Motivation: Receive a competitive base salary with performance-based bonuses, providing clear financial rewards for your success.
• Flexible Work Format: Work remotely with flexible hours, allowing you to balance your professional and personal life efficiently.
• Training with Leading Cloud Products: Access in-depth training on cutting-edge cloud solutions, enhancing your expertise and equipping you with the tools to succeed in an ever-evolving industry.
• International Collaboration: Work alongside A-players and seasoned professionals in the cloud industry. Expand your expertise by engaging with international markets across the EMEA and CEE regions.
• Vibrant Team Environment: Be part of an innovative, dynamic team that fosters both personal and professional growth, creating opportunities for you to advance in your career.
• When applying to this position, you consent to the processing of your personal data by CLOUDFRESH for the purposes necessary to conduct the recruitment process, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).
• Additionally, you agree that CLOUDFRESH may process your personal data for future recruitment processes.