Synergy Interactive · 1 day ago
Sr Cloud Security Engineer
Synergy Interactive is seeking a Senior Security Engineer (Threat Modeling – GCP) to strengthen their cloud threat models and implement robust security controls. The role involves securing GCP and on-premises environments, focusing on security architecture, threat modeling, and Terraform-based IaC, while collaborating with engineering and product teams to embed secure practices.
Responsibilities
Lead threat modeling for GCP and hybrid systems using frameworks like STRIDE, PASTA, MITRE ATT&CK, and translate findings into concrete controls and requirements
Perform security architecture and design reviews for GCP workloads (e.g., GKE, Cloud Run, data platforms) and propose practical mitigation strategies
Develop and tune detection and alerting pipelines using GCP-native services and SIEM platforms (e.g., Chronicle, Datadog); support incident response and root‑cause analysis
Design and maintain Terraform-based IaC for secure GCP environments, including projects, IAM, networks, and guardrails; apply policy‑as‑code and GitOps practices
Drive vulnerability management from discovery through remediation tracking, mapping issues to CWE/OWASP and communicating risk to stakeholders
Implement and refine Zero Trust and segmentation controls across GCP and on‑prem, including identity-centric access, logging/monitoring, and secure configurations
Automate security workflows (e.g., with Python/Bash) for access management, control validation, telemetry enrichment, and reporting
Produce clear documentation, models, and presentations of risks and mitigations for technical teams and leadership
Qualifications
Required
8+ years of experience across security engineering/architecture/cloud security, including 5+ years in Cybersecurity
Strong, hands-on GCP experience (essential) – Cloud IAM, KMS, VPC, Security Command Center, Cloud Logging/Monitoring, Cloud Armor, GKE/Cloud Run, and multi-project security best practices
Proven security architecture and technical design review skills (essential), with experience embedding controls into modern, API-driven systems
Experience with threat modeling methodologies (STRIDE, PASTA, MITRE ATT&CK) and applying them to real-world designs and services
Strong background in authN/authZ, logging/monitoring, encryption, infra/network security, and segmentation/Zero Trust
Proficiency with Terraform as primary IaC for GCP (secure patterns, modules, Terraform Cloud/Enterprise); familiarity with CDK/CloudFormation is a plus
Experience with scripting/automation (Python, Bash, optionally PowerShell) and integrating with GCP APIs and CI/CD pipelines
Experience with SIEM/detection pipelines (Chronicle, Datadog, or similar) and EDR (e.g., CrowdStrike or equivalent)
Understanding of containers and cloud-native platforms: Docker, Kubernetes (GKE), serverless (Cloud Functions/Cloud Run), Helm
Familiarity with Jira or similar ticketing systems, and modern data/engineering platforms (e.g., Snowflake, MongoDB, Terraform Cloud, GitHub, Databricks)
Strong analytical skills, high-quality documentation habits, effective communication, and an adversary mindset
Preferred
Security certifications (e.g., CISSP, CCSP, CISM, CISA, ITIL)
GCP certifications (Professional Cloud Architect, Professional Cloud Security Engineer)
Knowledge of ISO, NIST, CSA and experience in regulated environments
Experience with AWS or Azure, and development experience (e.g., Python, Node.js)