Google Cloud Security Engineer

The Google Cloud Security Engineer  is an individual contributor within Dentsply Sirona’s Security Architecture and Engineering organization. This role partners closely with the Google Cloud Platform (GCP) engineering and operations teams and Security stakeholders to help design, engineer, and continuously improve security controls that protect Dentsply Sirona’s Google Cloud workloads and data.

This position is junior in nature and is designed for a developing engineer who can execute well-defined security engineering tasks, contribute to secure-by-design patterns, and grow into broader cloud security ownership over time. The role also supports day-to-day security operations by helping administer and improve the SecOps SIEM (log onboarding, detection content support, and operational hygiene).

Role Scope Includes:

• Supporting secure Google Cloud architecture patterns across identity, network, logging/monitoring, and data protection domains (IAM, policies, encryption, boundary controls).
• Partnering with the Google Cloud team to implement guardrails and engineering improvements aligned to best practices and compliance needs.
• Assisting with SecOps SIEM operations including onboarding log sources, supporting detections, and helping improve investigation workflows.
• Producing clear documentation, diagrams, and runbooks that make controls repeatable and auditable.

Responsibilities:

Cloud Security Architecture Support (GCP)

• Assist in implementing and maintaining secure configurations across Google Cloud environments, focusing on least privilege access, resource hierarchy/policies, and workload protection patterns.
• Support security design reviews for new/changed cloud services and applications (e.g., networking changes, service accounts, logging requirements).
• Help deploy and validate baseline security controls such as encryption, key management practices, and secure network boundary protections (e.g., segmentation and perimeter controls where applicable).
• Contribute to Infrastructure-as-Code (IaC) security hygiene by reviewing and improving cloud configurations for repeatability and reduced drift (tooling used by the platform team).

Cloud Security Monitoring & Operations

• Help operationalize cloud security monitoring by ensuring audit and security telemetry is available and usable for investigations (visibility, alert context, and log quality).
• Support vulnerability and configuration findings triage by partnering with engineering teams to validate issues and track remediation progress.

SecOps SIEM Support (Operational Hygiene, Detections, and Log Onboarding)

• Assist with SIEM data onboarding efforts: coordinate with system owners, validate ingestion, and support normalization/correlation readiness.
• Support detection content lifecycle activities such as documentation updates, basic tuning support, and reporting on alert quality (false positives/noise reduction).
• Help build repeatable processes for log source onboarding and SIEM content management (runbooks, checklists, dashboards, and metrics).
• Partner with SecOps stakeholders to improve investigation workflows and ensure SIEM capabilities are aligned to operational needs (search, context, and investigation views).

Documentation, Collaboration & Continuous Improvement

• Maintain security documentation (control narratives, diagrams, standards) and contribute to “secure-by-default” enablement content for engineering teams.
• Coordinate with cloud engineering, Security Architecture, and SecOps teams to plan and execute small-to-medium security initiatives.

This role strengthens Dentsply Sirona’s cloud security posture by improving preventive controls and ensuring security telemetry is actionable for detection and response.

Requirements:

Education

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related field (or equivalent practical experience).

Experience

• 0–3 years of experience in cybersecurity engineering, cloud engineering, security operations, or related technical internships/rotations.
• Exposure to at least one cloud platform (Google Cloud preferred) with understanding of core security concepts (IAM, networking, logging/monitoring, encryption).
• Basic familiarity with SIEM concepts (log sources, parsing/normalization, alerting, investigation workflows).

Key Skills & Knowledge

• Foundational understanding of cloud identity and access controls (roles/permissions, service accounts, least privilege concepts).
• Working knowledge of cloud logging/monitoring and why audit logs matter for security operations.
• Familiarity with network security basics (segmentation, boundary protection concepts, secure communications).
• Comfortable writing clear documentation and collaborating cross-functionally with engineering and operations teams.
• Scripting/automation mindset (Python or similar) is a plus.

Certifications (preferred / growth-oriented)

• Google Cloud: Associate Cloud Engineer (strongly preferred as junior baseline); Professional Cloud Security Engineer (stretch as experience grows).
• Security fundamentals: CompTIA Security+ (or equivalent).
• Cloud security fundamentals: CCSK or CCSP (as role matures).
• SIEM/Detection: Training aligned to Google SecOps / Chronicle SIEM concepts (SIEM/SOAR learning path).