Principal Forward Deployed Cloud Security Architect

Minimum qualifications:

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related technical field, or equivalent practical experience.
• 8 years of experience assessing and developing cybersecurity solutions across multiple security domains.
• Experience with network architecture, cyber security, and security analysis.
  
• Experience in Kubernetes.
• Experience with DevOps or site reliability development.
• Must hold Canadian Government Security Clearance at the Level II or Level III.

Preferred qualifications:

• Experience operating and architecting in air-gapped, disconnected, or highly restricted edge computing environments.
• Experience writing and troubleshooting Infrastructure-as-Code (e.g., Terraform, Config Connector) and Policy-as-Code (e.g., OPA Gatekeeper).
• Familiarity with designing security solutions across classified domains (e.g., cross-domain solutions, gateways, identity, data-centric security).
• Understanding of Government of Canada (GoC) security frameworks (e.g., ITSG-33).
• Ability to act as a player-coach, advising executive stakeholders on security strategy, executing technical implementation.
• Excellent verbal and written communication skills, with the ability to translate complex security concepts to both technical developers and non-technical leaders.

About the job

Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned front-line experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.

As a Principal Forward Deployed Cloud Security Architect within Mandiant's National Security team, you will embed with clients in Canada's national security and defense sector and directly contribute to building a secure and resilient Canada. You will act as a technical authority bridging the gap between highly secure infrastructure and modern software development. In this role, you will design, deploy, and secure sovereign cloud environments, ensuring that mission-critical, disconnected workloads meet the highest standards of national security.

You will advise stakeholders on secure architecture while building the AI-augmented DevSecOps pipelines that feed it. You will define the security guardrails for Kubernetes workloads, architect zero-trust boundaries, and implement software supply chain security, enabling developers to build agentic-era applications fast while remaining inherently secure.

Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

The Canada base salary range for this full-time position is CAD 198,000-203,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

Please note that the compensation details listed in Canada role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.

Responsibilities

• Architect and deploy secure, scalable agentic workloads and applications tailored to unique operational and disconnected requirements.
• Define and enforce security baselines, network policies, and identity management for Kubernetes containers and virtualized workloads.
• Drive AI-augmented secure application modernization and digital transformation by designing and integrating robust Secure SDLC frameworks and DevSecOps pipelines, enabling developers to securely and seamlessly transition workloads from low to high-side environments (e.g., integrating automated vulnerability scanning, AI code analysis, container image signing, and infrastructure-as-code deployments.).
• Design and integrate security solutions across classified domains, leveraging expertise in cross-domain solutions, secure gateways, identity management, and data-centric security architectures.
• Architect and operationalize advanced cryptographic controls and data protection strategies, managing encryption keys, integrating hardware security modules, and enforcing customer-managed encryption Keys policies to secure data at rest and in transit across the classified boundary.