Senior Cloud Security Engineer at 4G Capital
4G Capital
What You'll Do
Own and continuously improve the cloud security posture across our GCP organisation.
Design and enforce least-privilege IAM/RBAC models at organisation level
Secure VPC networking, firewall policies, private connectivity, and perimeter protections including Cloud Armor.
Strengthen API gateway security (Apigee or equivalent) and service-to-service authentication patterns.
Operationalise Security Command Center and drive structured remediation of high-risk findings.
Embed security controls into CI/CD pipelines, integrating SAST, DAST, dependency, container, and secret scanning.
Define and enforce secure Infrastructure as Code standards using Terraform and policy-as-code guardrails.
Prevent configuration drift and enforce secure deployment patterns across environments.
Support audit readiness, governance initiatives, and regulatory compliance requirements.
Participate in incident response and drive post-incident security improvements.
What We're Looking For
5+ years of experience in Cloud Security, Platform Security, or DevSecOps within production environments.
Deep, hands-on experience securing multi-project environments on Google Cloud Platform.
Strong expertise in IAM design, access governance, and role inheritance modeling.
Advanced understanding of VPC networking, firewall rules, private connectivity, and Zero Trust architecture.
Experience with cloud security posture management tools such as Security Command Center, Cloud Armor.
Experience securing API gateways (Apigee preferred) and modern cloud-native architectures.
Strong Terraform and Infrastructure as Code experience with embedded security controls.
Proven ability to integrate security controls into CI/CD pipelines and engineering workflows.
Experience securing containerized and/or serverless workloads (Docker, Kubernetes, Cloud Run).
Solid understanding of application security principles (OWASP Top 10, secure coding practices).
Strong scripting and automation skills (Bash, Python).
Experience operating within regulated or compliance-driven environments is advantageous.