Senior Google Cloud Security Engineer

Senior Google Cloud Security Engineer

The Senior Google Cloud Security Engineer is a senior-level individual contributor within Dentsply Sirona’s Security Architecture and Engineering organization. This role partners closely with the Google Cloud Platform (GCP) engineering and operations teams and Security stakeholders to help design, implement, and continuously improve secure-by-default cloud foundations and security controls that enable business delivery while reducing risk. The position leads security architecture and engineering initiatives that strengthen the confidentiality, integrity, availability, and resilience of GCP workloads and data through guardrails, automation, and clear security patterns that scale.

In addition, the role owns day‑to‑day administration and ongoing maturity of the Sec Ops SIEM (Google Security Operations / Chronicle), including log onboarding, detection engineering, tuning, and operational reporting in partnership with Security Operations and Incident Response. This is a hybrid role that will require you to be based out of our Charlotte, NC, York, PA or Waltham, MA office.

• Defining and implementing secure GCP reference architectures (landing zone, org/policy guardrails, identity, network segmentation, encryption, logging) and reusable security patterns.
• Engineering preventive and detective controls using automation and infrastructure-as-code (guardrails, baselines, continuous configuration enforcement).
• Coordinating with platform and application teams to integrate security into CI/CD pipelines and deployment workflows (including workload/container security).
• Owning Sec Ops SIEM administration and detection engineering: log onboarding, parsing/normalization, rule development, tuning, dashboards, and alerting.
• Driving cloud security risk reduction through security reviews, threat modeling, and remediation of critical findings across GCP services.
• Contributing to audit readiness and control evidence for cloud controls (access management, logging, encryption, vulnerability management).

• Partner with the Google Cloud team to design secure cloud architectures, including IAM/least privilege, network security, encryption, secrets management, and logging/monitoring standards.
• Define and maintain GCP security reference architectures and guardrails aligned to enterprise security policies and industry frameworks (e.g., risk management and control objectives).
• Lead threat modeling and architecture risk reviews for new GCP services, platforms, and major migrations; document decisions and required controls/compensations.

• Engineer scalable security controls using automation and infrastructure-as-code (baseline policies, configuration validation, continuous compliance checks).
• Integrate security controls into CI/CD (policy checks, IaC validation, secrets detection, artifact/image scanning) to enable secure delivery with minimal friction.
• Develop reusable security modules, patterns, and documentation that drive consistent adoption across teams.

• Administer and mature the Sec Ops SIEM platform: data ingestion, log onboarding, parsing/normalization, content management, and access controls.
• Lead detection engineering: build, tune, and maintain high-fidelity detections and analytics based on threat intelligence and observed attacker techniques; reduce false positives through iterative tuning.
• Develop dashboards and reporting to support SOC performance, cloud visibility, and executive-level risk insights.
• Partner with Incident Response/Threat Hunting/Cloud Engineering to investigate cloud events and improve telemetry and detections.

• Drive remediation of critical/high cloud findings by coordinating with owners, validating fixes, and ensuring controls remain effective over time.
• Support internal and external audits by producing evidence for cloud control operation (logging, access governance, encryption, vulnerability management, change control).
• Contribute to security standards, patterns, and runbooks; participate in lessons learned and resilience readiness improvements.

• Increase GCP log coverage in the SIEM (priority log sources onboarded; improved parsing/normalization quality).
• Improve detection quality (signal-to-noise ratio through tuning; timely deployment of new detections for emerging threats).

• Deliver a secure-by-default GCP landing zone + standardized security blueprint adopted broadly for new workloads, with measurable reduction in repeat security findings and faster, safer onboarding of new cloud projects.

• Bachelor's degree (or higher) in Cybersecurity, Computer Science, Information Systems, Engineering, or related field (or equivalent practical experience).

• 7+ years of professional experience in…