- Design, implement, and maintain Rego policies for cloud resources, ensuring that security, compliance, and operational policies are enforced.
- Write and maintain unit, integration, and acceptance tests for policy as code to ensure that policies are correctly applied in different environments.
- Collaborate with security teams to define and translate security and compliance requirements into actionable Rego policies.
Cloud Infrastructure Policy Management:
- Ensure that GCP cloud resources (e.g., Compute Engine, Kubernetes, Cloud Storage, IAM, BigQuery, etc.) are configured according to company policies and regulatory requirements.
- Automate policy enforcement and validation for cloud resources using OPA and other policy enforcement tools.
Automation & CI/CD Integration:
- Integrate Rego policy tests and enforcement into CI/CD pipelines to ensure that policies are tested and applied consistently across environments.
- Work with DevOps teams to automate policy validation as part of the deployment and provisioning workflows.
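As an added illustration of what the policy-development, GCP-configuration and CI/CD bullets above ask for, here is a minimal Rego policy with its unit test (example code written for this page, not material from any employer or project). It assumes the policy is evaluated against the JSON form of a Terraform plan (`terraform show -json plan.out`) and that files live under a hypothetical `policy/gcp/` directory; the plan fragment inside the test is constructed for the example.

```rego
# file: policy/gcp/storage.rego   (hypothetical path)
package gcp.storage

import rego.v1

# Principals that make a Cloud Storage bucket world-readable or
# readable by any Google account.
public_principals := {"allUsers", "allAuthenticatedUsers"}

# Deny every planned bucket IAM binding whose member is a public principal.
# `input` is assumed to be the output of `terraform show -json plan.out`.
# For a delete, `change.after` is null, so `after.member` is undefined and
# the rule body simply does not match (deletions are not flagged).
deny contains msg if {
	some rc in input.resource_changes
	rc.type == "google_storage_bucket_iam_member"
	after := rc.change.after
	after.member in public_principals
	msg := sprintf("%s grants %s to %s on bucket %q",
		[rc.address, after.role, after.member, after.bucket])
}

# file: policy/gcp/storage_test.rego   (hypothetical path)
package gcp.storage_test

import rego.v1

import data.gcp.storage

# Constructed plan fragment: one public binding, one binding to a CI
# service account. Not a real plan.
plan := {"resource_changes": [
	{
		"address": "google_storage_bucket_iam_member.public",
		"type": "google_storage_bucket_iam_member",
		"change": {"actions": ["create"], "after": {
			"bucket": "logs",
			"role": "roles/storage.objectViewer",
			"member": "allUsers"
		}}
	},
	{
		"address": "google_storage_bucket_iam_member.ci",
		"type": "google_storage_bucket_iam_member",
		"change": {"actions": ["create"], "after": {
			"bucket": "logs",
			"role": "roles/storage.objectViewer",
			"member": "serviceAccount:ci@example.iam.gserviceaccount.com"
		}}
	}
]}

# Exactly one denial, and it names the public principal.
test_public_member_denied if {
	denials := storage.deny with input as plan
	count(denials) == 1
	some msg in denials
	contains(msg, "allUsers")
}

# A plan with only the service-account binding produces no denials.
test_private_member_allowed if {
	count(storage.deny) == 0 with input as {"resource_changes": [plan.resource_changes[1]]}
}
```

Run the unit tests with `opa test policy/ -v`; in a pipeline, evaluate the plan with `opa eval -i plan.json -d policy/ 'data.gcp.storage.deny'` and fail the job when the result set is non-empty. Keeping the test's plan fragment inline means the check runs offline and the same fixture can be reused in CI without cloud credentials.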
Collaboration & Documentation:
- Collaborate with cross-functional teams (DevOps, Security, Compliance) to ensure that the policies meet business, security, and regulatory requirements.
- Create and maintain documentation for policies, tests, and guidelines for policy-as-code best practices.
Continuous Improvement:
- Stay up-to-date with the latest trends, tools, and best practices in cloud security, policy-as-code, and GCP services.
- Identify opportunities to improve policy automation and testing processes for cloud environments.
Skills & Qualifications:
Required:
Strong Experience with Rego / OPA:
- Hands-on experience writing policies in Rego for Open Policy Agent (OPA) to enforce cloud security and operational best practices.
Deep Knowledge of Google Cloud Platform (GCP):
- Extensive experience with GCP services such as IAM, Compute Engine, Kubernetes Engine, Cloud Storage, BigQuery, VPC, Cloud Functions, and more.
- Understanding of GCP-specific security controls, best practices, and compliance frameworks (e.g., CIS benchmarks, SOC 2, HIPAA, etc.).
Cloud Security & Compliance:
- Experience working with cloud security frameworks and tools, including infrastructure as code (IaC) principles.
- Knowledge of security and compliance requirements for cloud-based environments (e.g., GDPR, SOC 2, PCI-DSS).
Automated Testing & CI/CD:
- Proficiency in test-driven development (TDD) and automated testing frameworks.
- Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI, GitHub Actions) for automating policy testing and enforcement.
Programming / Scripting Skills:
- Proficiency in at least one programming or scripting language, such as Python, Go, Shell, or JavaScript.
Version Control & Collaboration Tools:
- Experience with version control systems, particularly Git, and collaborating on code repositories (e.g., GitHub, GitLab).
Preferred:
Experience with Other Policy Engines:
- Familiarity with other policy engines, such as Kubernetes admission controllers, Sentinel, or OPA deployed as a Kubernetes admission controller, is a plus.
Cloud Security Tools & Practices:
- Hands-on experience with cloud security posture management (CSPM) tools, vulnerability scanning, and incident response.
Certifications:
- Google Cloud Certified - Professional Cloud Security Engineer or equivalent is a plus.
- OPA or other security certifications are a plus.