DoW Cloud Security Engineer (GCP Security Engineering / SecOps Enablement)

• Comply with currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines.
• Design, implement, and sustain security telemetry/logging architecture in GCP, ensuring high-fidelity signals are collected, normalized, and delivered to the VDSS/SIEM/SOAR stack.
• Own logging coverage and quality for cloud and platform signals, including:
  • Cloud Audit Logs (Admin Activity, Data Access, System Event)
  • IAM/service account activity and privileged actions
  • VPC Flow Logs, load balancer/WAF/proxy signals
  • GKE audit logs and Kubernetes control-plane events
  • Security-relevant application/service logs
• Build detection engineering content: queries, correlation logic, alert rules, and dashboards aligned to cloud threat scenarios (IAM abuse, suspicious API usage, workload compromise, data access anomalies, lateral movement paths).
• Develop automation and guardrails to reduce toil and accelerate investigations/response:
  • API-driven enrichment and evidence capture (e.g., asset inventory, IAM bindings, network path/context, log exports)
  • Repeatable runbooks/workflows and integration into ticketing/notification pipelines
• Partner with teams to implement and validate security controls that improve defensibility:
  • Secure configuration baselines and drift detection
  • Identity and access telemetry improvements
  • Network segmentation signals and policy validation
  • Container/GKE security instrumentation and runtime visibility
• Execute continuous control-health checks and instrumentation validation (telemetry completeness, parsing quality, alert fidelity, logging pipeline reliability).
• Coordinate cleanly with the CSSP: provide engineered signals, detection content, and automation that improves downstream monitoring and response outcomes.
• Produce clear technical deliverables (engineering notes, detection documentation, dashboards/coverage maps, stakeholder-ready updates) with minimal editing.

• Active DoD Secret secret clearance.
• Role-required security certification such as: CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+, GCFA, GCIH, SCYBER.
• Demonstrated experience in cloud security engineering or security-focused platform engineering in enterprise/mission environments.
• GCP strongly preferred (AWS/Azure acceptable with ability to ramp quickly in GCP).
• Strong proficiency in cloud logging/telemetry design, including integration into VDSS/SIEM/SOAR platforms.
• Hands-on experience with automation and APIs (Python/Go/Bash, REST/JSON, gcloud/SDKs) to build repeatable security workflows.
• Experience with Kubernetes/container security concepts; ability to instrument and operationalize GKE audit/runtime telemetry.
• Practical incident-response awareness (evidence preservation and containment guidance) — not a primary duty, but able to support when needed.
• Strong writing/briefing skills; can deliver precise, customer-ready outputs with minimal oversight.
• Comfort operating in a high-change environment with competing priorities and frequent stakeholder engagement.
• Cloud certification preferred (e.g., CCSP or Google Professional Cloud Security Engineer, Professional Cloud DevOps Engineer, Professional Cloud Network Engineer).

TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.

“TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”

Powered by JazzHR