Cloud Security Lead

About the Role

Security is foundational to our GenAI platform. The platform is built on Google Cloud Platform (GCP), and we welcome candidates with strong experience across enterprise cloud security platforms (e.g., AWS, Azure, or other cloud environments), with GCP expertise considered a strong advantage.

As our Security Lead, you will own the security architecture, drive implementation of security controls, and ensure compliance with enterprise policies and regulations. You will lead security decision making across the platform, working closely with infrastructure, application, and use case teams to embed security throughout the development lifecycle.

Key Responsibilities

• Own security architecture and drive security decisions across the platform

• Design and implement GCP IAM architecture with organisation-level role hierarchy

• Configure Workload Identity for secure pod-to-GCP service authentication

• Implement Kubernetes RBAC with namespace isolation for multi-tenant workloads

• Deploy and manage Secret Manager with Secrets Store CSI Driver integration

• Configure VPC Service Controls for production data exfiltration prevention

• Implement Cloud KMS with Customer-Managed Encryption Keys (CMEK)

• Design service account strategy with least privilege principles

• Lead security audit preparation and coordinate penetration testing

• Develop security policies, runbooks, and incident response procedures

• Review infrastructure-as-code and application code for security compliance

• Ensure GDPR and EU AI Act compliance for AI workloads

Required Skills

• 5+ years experience in cloud security engineering or architecture

• Strong expertise in GCP security (IAM, VPC Service Controls, Security Command Center) - essential

• Experience with GCP organisation policies and hierarchy

• Knowledge of Workload Identity and Kubernetes security patterns

• Proficiency in Secret Manager, Cloud KMS, and encryption key management

• Understanding of Zero Trust architecture principles

• Experience leading security audits and compliance programmes (SOC 2, ISO 27001)

• Strong communication skills for driving security decisions across teams

Desirable Skills

• Experience with GDPR compliance in cloud environments

• Knowledge of EU AI Act requirements for high-risk AI systems

• Background in Security Command Center and threat detection

• Experience with Binary Authorization and supply chain security

• Familiarity with penetration testing coordination and remediation

• CISSP, CCSP, or equivalent security certifications