GCP IAM Specialist in Cloud-Native Development

Appealing Points:

• Lead Enterprise GCP IAM Strategy – Design and implement secure, scalable IAM frameworks across Google Cloud using least-privilege principles, organization policies, and identity governance.
• Build Secure Cloud-Native Solutions – Develop automation and cloud-native applications using GCP services, Terraform, Python/Go, and CI/CD pipelines to strengthen security and operational efficiency.
• Drive Cloud Security & Compliance – Work with advanced GCP security services, IAM governance, audit logging, and policy enforcement while supporting enterprise-scale cloud transformation projects.

Annual salary: 9 million and above

Job Responsibilities:

• Design and enforce IAM policies, roles, and permission boundaries across GCP projects, folders, and organizations
• Develop and maintain custom IAM roles aligned to least-privilege principles across multi-project GCP environments
• Build and maintain cloud-native applications and automation tooling using GCP-native services (Cloud Run, Cloud Functions, Pub/Sub, GCS)
• Implement Workload Identity Federation and service account management best practices
• Integrate IAM controls with CI/CD pipelines and enforce policy-as-code using Terraform
• Conduct IAM access reviews, audit log analysis via Cloud Audit Logs and Security Command Center
• Collaborate with development and platform teams to embed security controls into cloud-native delivery
• Define and maintain organization-level IAM guardrails using VPC Service Controls and Access Context Manager
• Drive IAM automation using Ansible playbooks for configuration management and drift detection
• Provide technical guidance and IAM governance frameworks to delivery teams

Job Qualification:

• 5+ years of hands-on experience with GCP IAM, including custom roles and policy management
• Strong proficiency in GCP-native development (Cloud Run, Cloud Functions, App Engine, Pub/Sub)
• Solid Terraform experience for IAM policy provisioning and infrastructure-as-code
• Experience with Workload Identity, service accounts, and federated identity management
• Proficiency in Python or Go for automation and tooling development
• Familiarity with GCP Security Command Center, Cloud Audit Logs, and compliance frameworks
• Experience implementing VPC Service Controls and organization policies
• Understanding of OAuth 2.0, OIDC, and SAML integration patterns on GCP

Preferred Skills:

• Google Professional Cloud Security Engineer certification
• Experience with Ansible for IAM configuration drift detection
• Background in financial services, healthcare, or other regulated industries
• Familiarity with GKE Workload Identity and namespace-scoped IAM bindings
• Experience with SIEM integration and security event automation pipelines

Language Skills: Business level Japanese (JLPT N2 and above) and Business level English

Company Description:

One of the world's leading professional services companies, transforming clients' business, operating and technology models for the digital era.

Their unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses.

Headquartered in the U.S., this company is one of the Fortune 500 companies and is consistently listed among the most admired companies in the world.

[Passive smoking measures]

Indoor smoking

Designated smoking area

. Skillset Required: GCP IAM, IAM policies design, IAM roles management, Permission boundaries, Google Cloud Platform, Least-privilege principles, Organization policies, Identity governance, Automation, Cloud-native applications development, GCP services (Cloud Run, Cloud Functions, Pub/Sub, GCS, App Engine), Workload Identity Federation, Service account management, CI/CD pipelines integration, Policy-as-code, Terraform, IAM access reviews, Audit log analysis, Cloud Audit Logs, Security Command Center, Security controls embedding, VPC Service Controls, Access Context Manager, Ansible playbooks, Configuration management, Drift detection, IAM governance frameworks, Python, Go, OAuth 2.0, OIDC, SAML integration, SIEM integration, Security event automation pipelines