GCP IAM Engineer / GCP Cloud Security Engineer

**W2 Only - no 3rd party, no 1099, no C2C**

GCP IAM / Cloud Security Engineer

CSI Companies is hiring a GCP IAM / Cloud Security Engineer for a consulting opportunity with a large enterprise financial services client. This role will support secure Google Cloud Platform environments with a focus on GCP IAM, Terraform, Python automation, cloud security controls, compliance, and audit readiness.

This is not a general IAM role. Candidates must have hands-on Google Cloud Platform / GCP IAM experience and be able to clearly explain prior GCP IAM implementation, configuration, automation, or support work.

Location: Onsite in Plano, TX

Pay: $55 to $65/hr W2

Schedule: Standard business hours

Position Type: Consultant

Openings: 2

Work Authorization

Candidates must be authorized to work in the United States and eligible for W2 employment without sponsorship. No corp-to-corp, subcontracting, or visa sponsorship arrangements are available.

Role Overview

This role will support the implementation of secure access controls and cloud security guardrails across Google Cloud Platform environments. The consultant will help establish secure, governed access to GCP services and enterprise cloud platforms while maintaining strict compliance with enterprise security standards.

The ideal candidate has direct hands-on experience with GCP IAM and can clearly describe the projects they supported, the controls they implemented, and how their work improved security, compliance, or cloud onboarding.

Responsibilities

• Design, configure, and enforce GCP IAM controls, organizational policies, and identity security guardrails
• Support secure access models across Google Cloud environments, including service accounts, roles, permissions, IAM policies, projects, folders, and resource hierarchy
• Support GCP Vertex AI IAM and secure access models for enterprise AI/cloud platform enablement
• Build and maintain Terraform modules for IAM and cloud security controls
• Use Python scripting to automate IAM policy validation, access control workflows, API integrations, and cloud security tasks
• Translate security and compliance requirements into technical controls and implementation standards
• Define encryption standards, key management patterns, and secrets management practices
• Establish logging, monitoring, audit evidence, and compliance reporting standards
• Implement network and security controls across GCP infrastructure
• Support API security including OAuth 2.0, OIDC, API keys, and token management
• Strengthen container security using GKE workload identity and service mesh authentication
• Support exception handling, risk acceptance workflows, remediation tracking, and audit readiness
• Partner with engineering, cloud, and security teams to support secure cloud onboarding

Required Skills

• 5 years of experience in cloud security, IAM, identity management, DevSecOps, or cloud infrastructure security
• Strong hands-on experience with Google Cloud Platform, especially GCP IAM
• Ability to clearly explain prior hands-on GCP IAM project work, including what you personally configured, implemented, automated, or supported
• Experience with GCP resource hierarchy, organizational policies, service accounts, roles, permissions, IAM policies, and access control models
• Hands-on Terraform experience, ideally with GCP providers, IAM module development, state management, remote backends, and workspace/environment management
• Python scripting experience for automation, API integration, IAM policy management, or cloud security workflows
• Strong understanding of security, compliance, and access control models in enterprise environments
• Experience with zero-trust architecture principles and sensitivity-based access controls
• Knowledge of encryption, key management, Cloud KMS, and Secret Manager
• Experience with network and security controls in cloud environments
• Familiarity with VPC networking, Shared VPC, Private Google Access, VPC Service Controls, firewall rules, Cloud Armor, Cloud Load Balancing, and Private Service Connect
• Experience with API security concepts including OAuth 2.0, OIDC, API keys, and token management
• Experience with logging and monitoring tools such as Cloud Logging, Cloud Monitoring, and SIEM integrations
• Experience with Git/version control tools such as GitLab, GitHub, or Bitbucket
• Experience with CI/CD pipelines using Jenkins, GitLab CI, Cloud Build, or similar tools
• Strong communication skills and the ability to work with engineering and security stakeholders

Nice to Have

• Experience with GCP Vertex AI IAM
• Experience supporting AI/ML platform security or secure access to model endpoints
• Financial services or highly regulated enterprise experience
• Familiarity with SOC 2, ISO 27001, PCI-DSS, or similar compliance frameworks
• Experience with container security, including GKE workload identity
• Experience with service mesh authentication such as Istio or Anthos Service Mesh
• Experience with threat modeling, vulnerability management, or incident response
• Experience supporting large-scale enterprise cloud environments

Who Should Apply

This role is a strong fit for a hands-on GCP IAM, cloud security, or DevSecOps professional who has direct Google Cloud experience and enjoys building secure cloud foundations, automating security controls, and helping enterprise teams adopt cloud platforms in a secure and compliant way.

Candidates should be prepared to discuss specific examples of their hands-on GCP IAM experience during the interview process.