Google Workspace & Cloud Engineer

About the Role

SoFis Corporate Applications team is responsible for the platforms that power employee productivity identity and secure access across the company. As our environment continues to evolve we are investing in stronger platform ownership automation and governance across Google Workspace Google Cloud Platform (GCP) and our broader SaaS ecosystem.

We are seeking a Google Workspace & GCP Engineer with primary ownership of Google Workspace and GCP Administration with a strong security automation and governance mindset. This role supports and stabilizes a multi-domain environment while driving improvements in security posture automation maturity documentation cloud identity management and third-party application governance.

We use ServiceNow and Jira to manage requests change workflows and operational this role youll partner with tool owners and automation engineers to ensure platform changes and lifecycle processes are reliable traceable and continuously improved.

This role reports directly to the hiring manager and will be trusted with meaningful platform responsibilities early with opportunities to take on broader ownership as experience and judgment are demonstrated. Access to Google Workspace GCP Slack and integrated SaaS platforms is centrally managed through an identity provider with a strong emphasis on consistent identity access and lifecycle controls.

Primary platforms are Google Workspace and GCP.
Secondary responsibilities include governance and backup administration for Slack and other SaaS tools that integrate with Google Workspace and GCP.

What Youll Do

• Administer Google Workspace (multi-domain) and GCP in a production environment

• Execute Joiner/Mover/Leaver lifecycle management including provisioning deprovisioning and license governance

• Manage OUs groups shared drives Gmail Drive Calendar Chrome Enterprise and Workspace service configurations

• Administer GCP org structure (org folders projects) and enforce least-privilege IAM role assignments

• Govern service accounts APIs and automation access across Workspace and GCP

• Integrate and align access controls across Google Workspace GCP and Okta

• Monitor audit logs detect risky access/sharing patterns and support security investigations

• Administer Google Vault retention policies and legal holds

• Review and govern OAuth apps and third-party integrations (allow/deny exceptions access reviews)

• Partner on CASB/SSPM remediation and proactively reduce SaaS and cloud risk

• Identify cloud/SaaS cost inefficiencies and recommend optimization opportunities

• Automate administration using GAM/GAMADV-XTD3 Google Admin SDK APIs and scripting (Python Bash PowerShell)

• Partner with automation engineers to pilot and operationalize agentic AI tooling for admin workflows (triage access reviews drift detection) including validation logging and change controls.

• Partner with ServiceNow/Jira tool owners to improve workflow-driven automations for access lifecycle and governance (routing approvals notifications evidence)

• Improve reliability and scalability of lifecycle license and access governance automation

• Operate within structured ITSM processes (ServiceNow) maintain documentation/runbooks and support CMDB accuracy

• Provide secondary governance support for Slack and integrated SaaS platforms
  

What Youll Need

• 3 years hands-on Google Workspace administration experience in production

• 2 years Scripting proficiency (Python Bash or PowerShell)

• 2 years working knowledge of GCP IAM project administration and service account governance

• Experience governing Slack and integrated SaaS applications with a focus on identity alignment access control and compliance

• Strong understanding of IAM least-privilege access and risk-based security controls

• Experience with GAM or GAMADV-XTD3

• Experience with enterprise identity providers (e.g. Okta) including SSO and SCIM provisioning

• Familiarity with audit logging compliance controls and OAuth governance

• Experience working within structured ITSM environments (ServiceNow preferred)

• ServiceNow experience preferred (incident request change workflows)

• Understanding of CMDB concepts and change management processes

• Strong written and verbal communication skills

• Experience stabilizing or modernizing legacy environments

Required Experience:

IC