Job Title: Senior GCP Security Architect
Rate: £575 per day (Outside IR35)
Location: Hybrid working (90% remote, with occasional travel to Central London)
Employer: Renowned NHS Organisation
Job Description:
We are seeking a highly skilled Senior GCP Security Architect to join a renowned NHS organisation and play a pivotal role in enhancing the security and scalability of their Google Cloud Platform (GCP) ecosystem. This is a unique opportunity to design and implement cutting-edge cloud security solutions, with a focus on Identity and Access Management (IAM) and Single Sign-On (SSO), to support the secure migration of data and applications from on-premises data centres to GCP.
As a Senior GCP Security Architect, you will be responsible for architecting a secure, compliant, and scalable GCP landing zone, embedding security best practices into every stage of the cloud adoption lifecycle. This role requires deep technical expertise in GCP security frameworks, hands-on experience with IAM and SSO integration, and a proven track record of delivering secure cloud solutions in complex environments.
Key Responsibilities:
1. Landing Zone Design:
o Architect and implement a secure, scalable, and compliant GCP landing zone.
o Define and enforce organisational resource hierarchy (organisations, folders, projects) in alignment with governance policies.
o Develop guardrails and blueprints using GCP Organisation Policies, Cloud IAM, and Infrastructure as Code (Terraform or Deployment Manager).
2. Security Architecture:
o Design and implement security best practices for the GCP ecosystem, including:
+ Identity and Access Management (IAM) policies.
+ Secure network design with VPCs, subnets, private service endpoints, and firewall rules.
+ Encryption strategies for data at rest and in transit using GCP Cloud KMS.
+ Secure API gateways and workload identity federation.
+ Identity-Aware Proxy (IAP) for securing application access.
3. Data Migration and Security:
o Develop security protocols for migrating data and applications from on-premises and other clouds to GCP.
o Implement data protection mechanisms such as DLP (Data Loss Prevention) and data classification.
o Ensure sensitive workloads comply with data residency and encryption requirements.
4. Monitoring, Logging, and Incident Response:
o Configure Security Command Center, Cloud Monitoring, and Cloud Logging for real-time security insights.
o Set up centralised logging and alerting to monitor policy violations and security incidents.
o Develop and implement incident response playbooks in coordination with security and operations teams.
5. Governance and Compliance:
o Ensure compliance with relevant regulatory frameworks (e.g., GDPR, HIPAA, PCI-DSS) by designing automated compliance checks.
o Perform risk assessments, vulnerability scans, and regular audits of the cloud environment.
o Create a robust governance framework to manage GCP services securely and at scale.
Experience Required:
* Proven experience in designing and implementing secure GCP environments, with expertise in IAM, VPC design, private endpoints, and service perimeters.
* Strong knowledge of GCP-native security tools such as Cloud Armor, Forseti Security, and DLP API.
* Proficiency in encryption technologies and data protection mechanisms.
* Excellent understanding of regulatory compliance requirements (e.g., SOC 2, ISO 27001, NIST).
* Strong scripting and automation skills (Python, Bash, or PowerShell).
Key Skills:
* Proficiency in GCP networking, IAM, and security frameworks.
* Hands-on experience with Infrastructure as Code (IaC) tools such as Terraform or Deployment Manager.
* Familiarity with data migration tools (e.g., Transfer Appliance, BigQuery Data Transfer Service).
* Strong understanding of DevOps and CI/CD practices.
* Strategic thinking and the ability to align cloud solutions with business objectives.
* Excellent communication and collaboration skills to work with diverse stakeholders.
* Leadership and mentoring capabilities to guide teams through cloud adoption.
Qualifications:
* Google Professional Cloud Architect certification.
* Certified Information Systems Security Professional (CISSP) or equivalent.
This is a fantastic opportunity to work with a prestigious NHS organisation, contributing to the secure and efficient delivery of critical healthcare services. If you are a seasoned GCP Security Architect with a passion for innovation and a commitment to excellence, we would love to hear from you.
Apply now to join a team that is making a difference!