Senior DevOps Engineer

About the Role

We are seeking an experienced DevOps Engineer with deep expertise in Google Cloud Platform (GCP),

Infrastructure as Code (IaC), and cloud security foundations.

This role focuses on building, securing, and automating cloud environments using Terraform, enforcing

auditing and observability standards, and ensuring BCDR (Business Continuity & Disaster Recovery)

readiness. You will play a key role in implementing CSPM, SIEM, Cloud Armor policies, and managing

secure network perimeters with Palo Alto firewalls and VPNs.

You'll work closely with security, infrastructure, and application engineering teams to ensure the GCP

environment is scalable, resilient, secure, and compliant.

Key Responsibilities

1. Cloud Infrastructure & Automation

Design, provision, and maintain scalable infrastructure on Google Cloud Platform (GCP)

following Cloud Foundation Toolkit (CFT) principles.

Implement Infrastructure as Code (IaC) using Terraform and Terragrunt, ensuring modular,

reusable, and version-controlled deployments.

Manage multi-project GCP environments with proper IAM, networking, and resource hierarchy

policies.

2. Security, Compliance & Governance

Define and implement Cloud Security Posture Management (CSPM) and enforce organizational

security baselines.

Configure and maintain Cloud Armor, Palo Alto Firewalls, and VPNs for network-level security

and access control.

Collaborate with InfoSec teams to establish BCDR, IAM policies, service account hardening,

and compliance audits (e.g., ISO 27001, SOC2).

Integrate and tune SIEM solutions (e.g., Chronicle, Splunk, or Cloud Logging) for proactive

threat detection and log correlation.

3. Observability & Reliability

Implement end-to-end monitoring, logging, and alerting using Google Cloud Operations Suite

(Stackdriver), Prometheus, and Grafana.

Develop standardized observability dashboards and SLO-based alerting.

Collaborate with development teams to implement application-level logging, tracing, and

metrics.

4. Business Continuity & Disaster Recovery

Design and test BCDR strategies, including cross-region replication, failover automation, and

data recovery plans.

Conduct periodic DR drills, backup verification, and failover testing in compliance with

business SLAs.

5. Networking & Connectivity

Manage hybrid connectivity using Cloud VPN, Interconnect, and VPC peering.

Configure and maintain firewall policies, routing, and subnet isolation to enforce zero-trust

architecture principles.

Troubleshoot network bottlenecks, DNS, and latency issues across services.

6. CI / CD & Automation

Build and maintain secure CI / CD pipelines using Cloud Build, GitHub Actions, or Jenkins.

Integrate automated testing, security scans, and policy enforcement within the delivery

pipelines.

Automate routine operational processes to improve efficiency and reliability.

Required Skills & Qualifications

5 10 years of DevOps / Cloud Infrastructure experience.

Strong hands-on expertise in Google Cloud Platform (GCP) - IAM, VPC, Cloud Run, Cloud SQL,

Pub / Sub, GKE, and Cloud Storage.

Deep understanding of Terraform, IaC principles, and modular infrastructure design.

Proven experience with Cloud Security, BCDR, networking, and governance in cloud

environments.

Experience with Cloud Armor, WAF, firewall rules, and Palo Alto Next-Gen Firewalls.

Hands-on with SIEM, CSPM, and cloud-native security monitoring tools.

Experience implementing monitoring and observability stacks (Stackdriver, Prometheus,

Grafana, ELK, OpenTelemetry).

Familiar with VPN, zero-trust access, and secure service-to-service communication.

Strong scripting skills in Python, Bash, or Go.

Experience with CI / CD tools (Cloud Build, Jenkins, GitHub Actions) and GitOps practices.

Preferred Skills (Good to Have)

Familiarity with Google Cloud Organization Policies, Landing Zone architectures, and Cloud

Foundation Toolkit (CFT).

Knowledge of security frameworks such as CIS Benchmarks, NIST 800-53, or SOC2 controls.

Experience in Fintech, BFSI, or regulated environments with strict compliance mandates.

Working knowledge of Kubernetes (GKE) and service mesh (Istio / Anthos).

Exposure to policy as code tools such as OPA, Conftest, or Terraform Sentinel.