Principal GCP DevSecOps Engineer

Posted 2 Days Ago
2 Locations
Expert/Leader
Information Technology
The Role
Design and implement secure, automated CI/CD pipelines in GCP, manage cloud infrastructure security, integrate security controls, and ensure compliance, while mentoring junior team members and driving continuous improvements in security practices.
Summary Generated by Built In

What success looks like in this role:

DevSecOps Pipeline Design & Automation:
Design and implement secure, automated CI/CD pipelines in GCP using tools like Cloud Build, GitLab CI/CD, Jenkins, and other DevOps platforms. Ensure that security is embedded throughout the SDLC—from development through deployment.

Cloud Infrastructure Security:
Architect and manage secure GCP environments, emphasizing best practices in Identity and Access Management (IAM), VPC Service Controls, encryption, and security boundaries to minimize risk and meet compliance requirements.

Security Integration:
Integrate security controls such as static/dynamic code analysis, image vulnerability scanning, policy enforcement (e.g., OPA/Gatekeeper), and compliance validation into DevOps workflows using tools like Snyk, Checkmarx, or Prisma Cloud.

Security Monitoring & Incident Response:
Monitor GCP environments using tools like Google Cloud Logging, Security Command Center, and Cloud Monitoring. Lead incident detection, response, and recovery activities, including root cause analysis and threat mitigation.

Automation & Infrastructure as Code (IaC):
Use Terraform and Google Cloud Deployment Manager to provision and manage secure infrastructure. Apply GitOps principles to infrastructure management and automation.

Risk Management & Compliance:
Ensure GCP-hosted services comply with standards such as PCI-DSS, SOC 2, ISO 27001, and GDPR. Implement and maintain technical controls and support security audits and reviews.

Collaboration & Mentoring:
Partner with engineering, operations, and security teams to advocate for and integrate security best practices. Guide junior team members and lead internal security enablement initiatives.

Continuous Improvement:
Stay updated on the latest GCP offerings, DevSecOps methodologies, cloud security threats, and mitigation strategies. Recommend tools and processes for enhanced security, efficiency, and scalability.

Documentation & Reporting:
Maintain comprehensive documentation for security processes, architectural decisions, vulnerability management, compliance reports, and incident investigations.

You will be successful in this role if you have:

  • Experience: 10+ years in DevOps or Cloud Engineering roles, with 5+ years working on cloud-native security, preferably in GCP environments.
  • GCP Services Expertise: Proficient with GCP services like Compute Engine, GKE, Cloud Functions, Cloud Run, Cloud IAM, Cloud KMS, VPCs, and Cloud Logging/Monitoring. Experience with GCP-specific security features like SCC, Binary Authorization, and VPC SC.
  • DevOps Tools: Experience with CI/CD tools such as Cloud Build, GitLab CI, Jenkins, or ArgoCD. Familiar with containerization and orchestration (Docker, Kubernetes, GKE).
  • Security Tools & Practices: Proficiency with automated security tools (Snyk, Checkmarx, SonarQube, etc.), container security, and IaC security scanning tools (e.g., tfsec, Checkov).
  • Infrastructure as Code (IaC): Extensive experience using Terraform and optionally GCP Deployment Manager to define and enforce security-focused infrastructure configurations.
  • Compliance & Risk Management: Practical knowledge of compliance frameworks and cloud-specific enforcement and audit tools like Forseti Security or GCP Policy Library.
  • Security Architecture & Best Practices: Deep understanding of cloud-native security principles including least privilege, zero trust, encryption (at rest/in transit), network segmentation, and secure software development lifecycle (SSDLC).
  • Scripting & Automation: Strong scripting skills in Python, Bash, or Go for building automation tools and custom security integrations.
  • Monitoring & Logging: Expertise in setting up logging, monitoring, and alerting pipelines using GCP native and third-party solutions. Familiar with threat detection and SIEM integrations.
  • Incident Response & Forensics: Proven experience in handling cloud security incidents, performing forensic analysis, and implementing corrective measures.
  • Certifications: Google Cloud Certified – Professional Cloud Security Engineer, Professional DevOps Engineer, or equivalent industry certifications are highly preferred.
  • Communication Skills: Excellent verbal and written communication skills to explain complex security concepts to technical and non-technical stakeholders.

Preferred Qualifications:

  • Experience with serverless and microservices security in GCP (Cloud Functions, Cloud Run, API Gateway).
  • Familiarity with Anthos and hybrid/multi-cloud security strategies.
  • Exposure to security automation in software-defined perimeters and service meshes (e.g., Istio).
  • Experience with compliance automation tools and security scorecards.
  • Knowledge of OWASP, MITRE ATT&CK, and NIST cybersecurity frameworks.

Benefit Highlights:
Unisys offers an outstanding benefits package, featuring unlimited paid time off, a 401(k) match, comprehensive healthcare, HSA matching, ongoing learning opportunities, and more! We’re committed to supporting work-life balance and investing in your future success.

Video Interview Notice:
At Unisys, we incorporate video interviews as a key part of our hiring process. This allows us to get to know you better and provide a more engaging and convenient interview experience. We appreciate your understanding and look forward to connecting with you virtually!


This role may require access to export-controlled commodities and technology. Therefore, to conform to U.S. export control regulations, applicant should be eligible for any required authorizations from the U.S. Government.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at [email protected] or alternatively Toll Free: 888-560-1782 (Prompt 4). US job seekers can find more information about Unisys’ EEO commitment here.

Top Skills

Bash
Checkmarx
Cloud Build
GCP
GitLab CI
Go
Google Cloud Deployment Manager
Jenkins
Python
Snyk
SonarQube
SQL
Terraform
VPC Service Controls

The Company
Albany, NY
22,588 Employees
On-site Workplace

What We Do

Unisys is a global information technology company that builds high-performance, security-centric solutions for the most demanding businesses and governments on Earth. Unisys offerings include security software and services; digital transformation and workplace services; industry applications and services; and innovative software operating environments for high-intensity enterprise computing. We build better outcomes securely for our clients across the Government, Financial Services and Commercial
