[Remote] DoW Cloud Security Engineer (GCP Security Engineering / SecOps Enablement)
Note: The job is a remote job and is open to candidates in USA. Tetrad Digital Integrity (TDI) is a cybersecurity firm focused on delivering cyber solutions for high-consequence environments. They are seeking a DoW Cloud Security Engineer to enhance the security engineering posture of a critical cloud-hosted defense system, involving hands-on engineering to develop security telemetry, logging, and automation for improved responsiveness and defensibility.
Responsibilities
- Comply with currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines
- Design, implement, and sustain security telemetry/logging architecture in GCP, ensuring high-fidelity signals are collected, normalized, and delivered to the VDSS/SIEM/SOAR stack
- Own logging coverage and quality for cloud and platform signals, including:
- Cloud Audit Logs (Admin Activity, Data Access, System Event)
- IAM/service account activity and privileged actions
- VPC Flow Logs, load balancer/WAF/proxy signals
- GKE audit logs and Kubernetes control-plane events
- Security-relevant application/service logs
- Build detection engineering content: queries, correlation logic, alert rules, and dashboards aligned to cloud threat scenarios (IAM abuse, suspicious API usage, workload compromise, data access anomalies, lateral movement paths)
- Develop automation and guardrails to reduce toil and accelerate investigations/response:
- API-driven enrichment and evidence capture (e.g., asset inventory, IAM bindings, network path/context, log exports)
- Repeatable runbooks/workflows and integration into ticketing/notification pipelines
- Partner with teams to implement and validate security controls that improve defensibility:
- Secure configuration baselines and drift detection
- Identity and access telemetry improvements
- Network segmentation signals and policy validation
- Container/GKE security instrumentation and runtime visibility
- Execute continuous control-health checks and instrumentation validation (telemetry completeness, parsing quality, alert fidelity, logging pipeline reliability)
- Coordinate cleanly with the CSSP: provide engineered signals, detection content, and automation that improves downstream monitoring and response outcomes
- Produce clear technical deliverables (engineering notes, detection documentation, dashboards/coverage maps, stakeholder-ready updates) with minimal editing Skills
- Active DoD Secret secret clearance
- Role-required security certification such as: CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+, GCFA, GCIH, SCYBER
- Demonstrated experience in cloud security engineering or security-focused platform engineering in enterprise/mission environments
- GCP strongly preferred (AWS/Azure acceptable with ability to ramp quickly in GCP)
- Strong proficiency in cloud logging/telemetry design, including integration into VDSS/SIEM/SOAR platforms
- Hands-on experience with automation and APIs (Python/Go/Bash, REST/JSON, gcloud/SDKs) to build repeatable security workflows
- Experience with Kubernetes/container security concepts; ability to instrument and operationalize GKE audit/runtime telemetry
- Practical incident-response awareness (evidence preservation and containment guidance) — not a primary duty, but able to support when needed
- Strong writing/briefing skills; can deliver precise, customer-ready outputs with minimal oversight
- Comfort operating in a high-change environment with competing priorities and frequent stakeholder engagement
- Cloud certification preferred (e.g., CCSP or Google Professional Cloud Security Engineer, Professional Cloud DevOps Engineer, Professional Cloud Network Engineer) Company Overview
- For over 20 years, TDI’s one and only passion has been delivering cybersecurity solutions to effectively manage the business of cyber. It was founded in 2001, and is headquartered in Washington, District of Columbia, USA, with a workforce of 51-200 employees. Its website is
Apply To this Job