Identity Management Contractor

Dallas, Texas, United States

Position Summary

Contractor
Onsite - Plano, Texas

Work you'll do

We are seeking a GCP IAM contractor to support the implementation of GCP Atlas 2.0 Control Plane and Vertex AI enablement for a large-scale financial services client. This role will focus on building secure, governed, and repeatable access controls for Google Cloud resources, including access to Google Gemini AI model endpoints, in a regulated enterprise environment.

The contractor will work on Google Cloud IAM, Terraform, and Python automation, with a focus on security, compliance, and identity governance. The role supports application onboarding, access troubleshooting, and audit-ready implementation of identity and access controls.

Roles and Responsibilities

  • Provision and manage IAM roles, bindings, and service accounts across GCP projects using Terraform and Git-based workflows.
  • Implement least-privilege access patterns for application onboarding, including runtime identity, human access, and break-glass access.
  • Support secure enablement of Vertex AI and governed access to Gemini AI model endpoints.
  • Develop and maintain Terraform modules for reusable IAM patterns, environment management, and remote state handling.
  • Use Python to automate IAM policy validation, policy manipulation, and GCP API integration.
  • Support identity integrations and group-to-role mappings based on enterprise standards.
  • Apply zero-trust and sensitivity-based access control principles.
  • Collaborate with security and network teams on VPC Service Controls, Shared VPC, Private Service Connect, firewall rules, Cloud Armor, and load balancing controls.
  • Produce onboarding evidence, access approvals, deployment records, and runbooks.
  • Troubleshoot access issues and work with cross-functional teams to remove blockers.
  • Support logging, monitoring, and audit readiness in a controlled environment.

Skills Required

  • Hands-on experience with Google Cloud IAM, including roles, service accounts, policy inheritance, and resource hierarchy.
  • Experience with Vertex AI IAM and governed access for cloud AI services.
  • Strong Terraform skills, including the google and google-beta providers, module development, state management, and workspace handling.
  • Strong Python scripting ability for automation and validation.
  • Understanding of zero-trust architecture, least privilege, and enterprise identity governance.
  • Experience in a financial services or similarly regulated environment.
  • Familiarity with SOC 2, ISO 27001, PCI-DSS, or similar frameworks.
  • Knowledge of Cloud KMS, Secret Manager, encryption, and secrets management.
  • Familiarity with VPC networking and security controls, including Private Google Access, Shared VPC, VPC Service Controls, firewall rules, Cloud Armor, Cloud Load Balancing, and Private Service Connect.
  • Working knowledge of OAuth 2.0, OIDC, API security, and token management.
  • Experience with Git and CI/CD pipelines such as GitLab CI, GitHub, Jenkins, or Cloud Build.
  • Familiarity with Cloud Logging, Cloud Monitoring, and SIEM integrations.
  • Exposure to GKE Workload Identity and service mesh authentication concepts.
  • Ability to work in a controlled change/release environment and produce clear documentation.

The expected pay range for this contract assignment is $63 - $68 per hour. The exact pay rate will vary based on skills, experience, and location and will be determined by the third party whose employees provide services to Deloitte.

Candidates interested in applying for this opportunity must be geographically based in the United States and must be legally authorized to work in the United States without the need for employer sponsorship. 

We do not accept agency resumes and are not responsible for any fees related to unsolicited resumes.

Deloitte is not the employer for this role.

This work is contracted through a third party whose employees provide services to Deloitte.

Expected Work Schedule

Approximate hours per week

About Deloitte

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It makes Deloitte one of the most rewarding places to work. 

As used in this posting, “Deloitte” means , a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

Requisition code: 355939