Project – the aim you’ll have
We’re hiring a GCP Cloud Architect to design, implement and evolve enterprise‑grade Landing Zones on Google Cloud. You’ll shape the organization/folder/project hierarchy, identity and network foundations, security guardrails and automation patterns that enable product teams to ship fast and safely at scale. You’ll also guide teams adopting GKE, Cloud Run and data services on top of a well‑governed platform.
Position – how you’ll contribute
- Landing Zone architecture: Define and implement the Org → Folders → Projects model, environments (prod/non‑prod), Shared VPC architecture (hub‑and‑spoke), hierarchical firewall policies, tags & IAM strategy, and Organization Policy constraints (guardrails).
- Identity & access: Integrate Cloud Identity/Google Workspace, workload identity federation, least‑privilege IAM roles, service accounts, and secrets/encryption with Cloud KMS (CMEK).
- Network & connectivity: Design VPCs, subnets, Cloud Router/NAT, Private Google Access, Private Service Connect, VPC peering/Cloud VPN/Interconnect, Cloud Load Balancing and Cloud Armor/WAF.
- Security & compliance: Implement Security Command Center, audit logging, VPC Service Controls (data perimeters), detective/preventive controls and policy‑as‑code; drive remediation at scale.
- Infrastructure as Code & automation: Lead Terraform standardization (Cloud Foundation Toolkit/Blueprints modules, environments, pipelines), reusable modules and automated drift detection; establish golden patterns and documentation.
- Platform enablement: Provide paved‑road patterns for GKE, Cloud Run, Cloud Functions, Artifact Registry, Cloud Build/Cloud Deploy and GitHub Actions integration.
- Observability & FinOps: Drive Cloud Monitoring/Cloud Logging (KQL‑like Log Analytics), SLOs and alerting standards; implement budgets/tags/labels for allocation and cost optimization.
- Consulting & governance: Run design reviews, threat modeling and readiness assessments; coach squads and stakeholders to adopt guardrails and best practices.
- Continuous improvement: Track GCP roadmap, pilot new features and codify learnings into blueprints and documentation.
Expectations – the experience you need
- 4+ years in cloud/platform architecture, 2+ years designing on GCP with hands‑on Landing Zone delivery (org policies, Shared VPC, perimeter security, IAM and network baselines).
- Expert Terraform on GCP (providers, modules, workspaces, CI/CD, state management), plus Git‑centric workflows and code reviews.
- Deep VPC/Networking (routing, NAT, DNS, hybrid connectivity, zero‑trust ingress/egress).
- Strong security background (CMEK, SCC, VPC SC, audit logging, governance/controls).
- Platform knowledge across GKE and/or Cloud Run, build & artifact flows (Cloud Build/Artifact Registry).
- Excellent stakeholder communication and the ability to translate guardrails into developer‑friendly paved roads.
Additional skills – the edge you have
- FinOps (budgets/commitments), Cloud Deploy, Config Controller/Config Sync, Anthos Policy Controller (OPA), Chronicle/SIEM integration.
- Certifications: Google Professional Cloud Architect, Professional Cloud Security Engineer or Professional Cloud Network Engineer (or in progress).
Our offer – professional development, personal growth:
- Flexible employment and remote work
- International projects with leading global clients
- International business trips
- Non-corporate atmosphere
- Language classes
- Internal & external training
- Private healthcare and insurance
- Multisport card
- Well-being initiatives
Position at: Software Mind Poland
This role requires candidates to be based in the European Union.
Software Mind develops solutions that make an impact for companies around the globe. Tech giants & unicorns, transformative projects, emerging technologies and limitless opportunities – these are a few words that describe an average day for us. Building cross-functional engineering teams that take ownership and crave more means we’re always on the lookout for talented people who bring passion and creativity to every project. Our culture embraces openness, acts with respect, shows grit & guts and combines employment with enjoyment.