Senior GCP Architect – Cloud Engineer

This is a fully remote position, open to applicants in Washington.

📋 Description

• Oversee the design and execution of GCP Entitlement and Access Control systems, which encompass IAM policies, governance of service accounts, and implementation of least-privilege access models.

• Create and implement a self-service Landing Zone framework that allows Platform Engineering teams to consistently provision and manage cloud environments at scale.

• Co-manage the development of a Platform Ops Portal that includes management features such as environment provisioning, access requests, cost transparency, and operational workflows.

• Collaborate with client engineering and security teams to ensure the access control model aligns with regulatory and compliance standards within the financial services sector.

• Establish and maintain GCP governance guardrails, inclusive of organization policies, resource hierarchy structuring, and VPC Service Controls.

• Lead technical reviews, identify shortcomings, and refine the delivery strategy prior to project initiation.

• Empower internal teams through comprehensive documentation, runbooks, and knowledge transfer that endure beyond the engagement.

⛳️ Requirements

• A minimum of 7 years in cloud engineering or architecture, with at least 4 years of hands-on experience with GCP in a lead or architect role.

• Extensive knowledge of GCP IAM, covering workload identity, service account administration, custom roles, and policy inheritance.

• Demonstrated experience in designing Landing Zones or platform engineering frameworks on GCP (e.g., Cloud Foundation Toolkit, blueprints, or similar concepts).

• Experience in building or contributing to internal developer portals or Platform Ops tools (such as Backstage, custom portals, or equivalent).

• Strong expertise in Infrastructure-as-Code, particularly with Terraform on GCP.

• Capability to engage directly with client stakeholders and convert technical architecture choices into understandable recommendations.

• Nice to Have: Familiarity with GCP Security Command Center, Chronicle, or Access Transparency.

• Knowledge of GCP Assured Workloads or sovereign cloud configurations tailored for regulated sectors.

• Experience in multi-cloud environments with GCP as the primary landing zone.

• Google Cloud Professional certifications (such as Cloud Architect, Security Engineer, or equivalent) are preferred.

🏝️ Benefits

• Employees have the option to work remotely.