Principal GCP DevSecOps Engineer

What success looks like in this role:

DevSecOps Pipeline Design & Automation:
Design and implement secure automated CI/CD pipelines in GCP using tools like Cloud Build GitLab CI/CD Jenkins and other DevOps platforms. Ensure that security is embedded throughout the SDLCfrom development through deployment.

Cloud Infrastructure Security:
Architect and manage secure GCP environments emphasizing best practices in Identity and Access Management (IAM) VPC Service Controls encryption and security boundaries to minimize risk and meet compliance requirements.

Security Integration:
Integrate security controls such as static/dynamic code analysis image vulnerability scanning policy enforcement (e.g. OPA/Gatekeeper) and compliance validation into DevOps workflows using tools like Snyk Checkmarx or Prisma Cloud.

Security Monitoring & Incident Response:
Monitor GCP environments using tools like Google Cloud Logging Security Command Center and Cloud Monitoring. Lead incident detection response and recovery activities including root cause analysis and threat mitigation.

Automation & Infrastructure as Code (IaC):
Use Terraform and Google Cloud Deployment Manager to provision and manage secure infrastructure. Apply GitOps principles to infrastructure management and automation.

Risk Management & Compliance:
Ensure GCPhosted services comply with standards such as PCIDSS SOC 2 ISO 27001 and GDPR. Implement and maintain technical controls and support security audits and reviews.

Collaboration & Mentoring:
Partner with engineering operations and security teams to advocate for and integrate security best practices. Guide junior team members and lead internal security enablement initiatives.

Continuous Improvement:
Stay updated on the latest GCP offerings DevSecOps methodologies cloud security threats and mitigation strategies. Recommend tools and processes for enhanced security efficiency and scalability.

Documentation & Reporting:
Maintain comprehensive documentation for security processes architectural decisions vulnerability management compliance reports and incident investigations.

You will be successful in this role if you have:

• Experience: 10 years in DevOps or Cloud Engineering roles with 5 years working on cloudnative security preferably in GCP environments.
• GCP Services Expertise: Proficient with GCP services like Compute Engine GKE Cloud Functions Cloud Run Cloud IAM Cloud KMS VPCs and Cloud Logging/Monitoring. Experience with GCPspecific security features like SCC Binary Authorization and VPC SC.
• DevOps Tools: Experience with CI/CD tools such as Cloud Build GitLab CI Jenkins or ArgoCD. Familiar with containerization and orchestration (Docker Kubernetes GKE).
• Security Tools & Practices: Proficiency with automated security tools (Snyk Checkmarx SonarQube etc. container security and IaC security scanning tools (e.g. tfsec Checkov).
• Infrastructure as Code (IaC): Extensive experience using Terraform and optionally GCP Deployment Manager to define and enforce securityfocused infrastructure configurations.
• Compliance & Risk Management: Practical knowledge of compliance frameworks and cloudspecific enforcement and audit tools like Forseti Security or GCP Policy Library.
• Security Architecture & Best Practices: Deep understanding of cloudnative security principles including least privilege zero trust encryption (at rest/in transit) network segmentation and secure software development lifecycle (SSDLC).
• Scripting & Automation: Strong scripting skills in Python Bash or Go for building automation tools and custom security integrations.
• Monitoring & Logging: Expertise in setting up logging monitoring and alerting pipelines using GCP native and thirdparty solutions. Familiar with threat detection and SIEM integrations.
• Incident Response & Forensics: Proven experience in handling cloud security incidents performing forensic analysis and implementing corrective measures.
• Certifications: Google Cloud Certified Professional Cloud Security Engineer Professional DevOps Engineer or equivalent industry certifications are highly preferred.
• Communication Skills: Excellent verbal and written communication skills to explain complex security concepts to technical and nontechnical stakeholders.

Preferred Qualifications:

• Experience with serverless and microservices security in GCP (Cloud Functions Cloud Run API Gateway).
• Familiarity with Anthos and hybrid/multicloud security strategies.
• Exposure to security automation in softwaredefined perimeters and service meshes (e.g. Istio).
• Experience with compliance automation tools and security scorecards.
• Knowledge of OWASP MITRE ATT&CK and NIST cybersecurity frameworks.

Benefit Highlights:
Unisys offers an outstanding benefits package featuring unlimited paid time off a 401(k) match comprehensive healthcare HSA matching ongoing learning opportunities and more! Were committed to supporting worklife balance and investing in your future success.

Video Interview Notice:
At Unisys we incorporate video interviews as a key part of our hiring process. This allows us to get to know you better and provide a more engaging and convenient interview experience. We appreciate your understanding and look forward to connecting with you virtually!

#LIJV1

This role may require access to exportcontrolled commodities and technology. Therefore to conform to U.S. export control regulations applicant should be eligible for any required authorizations from the U.S. Government.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age caste citizenship color disability family medical history family status ethnicity gender gender expression gender identity genetic information marital status national origin parental status pregnancy race religion sex sexual orientation transgender status veteran status or any other category protected by law.

This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein or cannot otherwise complete your expression of interest without additional assistance and would like to discuss a request for reasonable accommodation please contact our Global Recruiting organization at or alternatively Toll Free:(Prompt 4. US job seekers can find more information about Unisys EEO commitment here.