Our client, an inhouse Advertising Agency with offices in Englewood Cliffs, NJ, is seeking an experienced Cloud Engineer starting ASAP. This is a long term fully on-site contract position, so only candidates who are within a commutable location to Northern NJ will be considered. While you will help manage the core infrastructure, your primary focus will be on Governance, Security, and Observability. You will be responsible for implementing guardrails, tracking assets, and ensuring our IAM policies follow the principle of least privilege. You will use advanced GCP tools to audit the environment and ensure the transition to new infrastructure is secure by default.

RESPONSIBILITIES:

Security Governance & Guardrails

• Organization Policies: Define and enforce guardrails to prevent mistakes before they happen (e.g., configuring "Restrict Domain Sharing" to prevent external access or "Restrict Resource Location" to ensure data residency).
• Policy Intelligence: Utilize IAM Recommender and Policy Intelligence tools to identify users with over-provisioned access and remove permissions that haven't been used in 90+ days.
• IAM Architecture: Manage IAM roles at the Organization and Project levels, ensuring secure authentication and authorization for users and Service Accounts.

Asset Management & Inventory

• Cloud Asset Inventory: Act as the owner of their cloud inventory. You will run queries to answer critical questions like "Which storage buckets are public?" or "Who has 'Editor' permission on this project?"
• Drift Detection: Monitor the environment and ensure all resources are properly tagged and accounted for.

Infrastructure Automation (Terraform)

• Project Factory: Move away from manual operations. Use Terraform to script the creation of new projects, automatically enabling the correct APIs, configuring logging sinks, and assigning standard IAM groups instantly.
• State Management: Maintain the Terraform state for their core infrastructure (GKE, Cloud SQL, VPCs).

Observability & Operations

• Monitoring & Alerting: Build comprehensive dashboards in Google Cloud Monitoring. Design intelligent alerts that distinguish between a true incident and background noise.
• Operational Health: Oversee the stability of their GKE clusters and Cloud Composer (Airflow) environments, troubleshooting performance bottlenecks and resource contention.

Modernization & Platform Improvements

• Assist in migrating workloads to containerized and managed compute environments.
• Audit new infrastructure projects and ensure alignment with architecture and security standards.

QUALIFICATIONS:

• Experience: 4+ years in Cloud Engineering, Security Operations, or Platform Engineering.
• GCP Governance Tools: You have specific, hands-on experience with Cloud Asset Inventory, Policy Intelligence, and Organization Policies.
• IAM Expert: You understand the hierarchy of GCP permissions and why we avoid basic roles (Owner/Editor) in production.
• Terraform Proficiency: You are comfortable writing modules to automate project setup and IAM assignments.
• Core Infrastructure: Solid understanding of Compute Engine, GKE, and Networking (VPC/Firewall rules).
• Experience with Apache Airflow or Cloud Composer is a plus.
• Google Cloud Professional Cloud Security Engineer certification is a plus.
• Experience writing Python scripts to query GCP APIs for audit reports is a plus.