
GCP IAM Specialist (NCS/Job/ 3955)
Job Description
Role: GCP IAM Specialist
Cloud-Native Development | Identity & Access Management
Location: Offshore/India
ROLE OVERVIEW
We are seeking a highly skilled GCP IAM Specialist with strong cloud-native development expertise to design, implement, and govern identity and access management frameworks across our Google Cloud Platform estate. This role is pivotal in ensuring secure, compliant, and scalable access controls while driving cloud-native application delivery.
KEY RESPONSIBILITIES
· Design and enforce IAM policies, roles, and permission boundaries across GCP projects, folders, and organizations
· Develop and maintain custom IAM roles aligned to least-privilege principles across multi-project GCP environments
· Build and maintain cloud-native applications and automation tooling using GCP-native services (Cloud Run, Cloud Functions, Pub/Sub, GCS)
· Implement Workload Identity Federation and service account management best practices
· Integrate IAM controls with CI/CD pipelines and enforce policy-as-code using Terraform
· Conduct IAM access reviews and audit log analysis via Cloud Audit Logs and Security Command Center
· Collaborate with development and platform teams to embed security controls into cloud-native delivery
· Define and maintain organization-level IAM guardrails using VPC Service Controls and Access Context Manager
· Drive IAM automation using Ansible playbooks for configuration management and drift detection
· Provide technical guidance and IAM governance frameworks to delivery teams
REQUIRED QUALIFICATIONS
· 5+ years of hands-on experience with GCP IAM, including custom roles and policy management
· Strong proficiency in GCP-native development (Cloud Run, Cloud Functions, App Engine, Pub/Sub)
· Solid Terraform experience for IAM policy provisioning and infrastructure-as-code
· Experience with Workload Identity, service accounts, and federated identity management
· Proficiency in Python or Go for automation and tooling development
· Familiarity with GCP Security Command Center, Cloud Audit Logs, and compliance frameworks
· Experience implementing VPC Service Controls and organization policies
· Understanding of OAuth 2.0, OIDC, and SAML integration patterns on GCP
PREFERRED QUALIFICATIONS
· Google Professional Cloud Security Engineer certification
· Experience with Ansible for IAM configuration drift detection
· Background in financial services, healthcare, or other regulated industries
· Familiarity with GKE Workload Identity and namespace-scoped IAM bindings
· Experience with SIEM integration and security event automation pipelines
CORE SKILLS & TECHNOLOGIES
GCP IAM | Cloud-Native Dev | Terraform | Ansible
VPC Service Controls | Workload Identity | Cloud Run | Security Command Center
Python / Go | GCP Org Policy | Audit Logs | CI/CD Security