Calance

61 Calance Networking Jobs Hiring Near You

Calance Jobs Information

    Infographic showing various Networking job openings at Calance in the United States as of June 2026, with employment types broken down into 15% Full Time and 85% Contract. Highlights a 72% Physical, 26% Hybrid, and 2% Remote job distribution.
    GCP Architect or Engineer - Remote W2 (No TP or Employer)

    Calance

    Fontana, CA • On-site

    $66.75 - $88.50/hr

    Other

    Posted 4 days ago


    Job description

    Job Title: GCP Engineer - Remote

    Duration: 6 - 12 Months

    Location: remote



    GCP Network, Security, and GenAI - Need to have Terraform and networking experience

    Less about agentic AI workflows; it's more about landing zone build-out and network / VPC implementation, all via IaC (Infrastructure as Code).


    Area:
    Terraform Repo Structure
    Terraform State Management
    VPC Service Controls
    Communication


    1. Position Overview & Mission

    Reporting directly to the Head of Cloud Infrastructure, the Principal Cloud Architect is the ultimate technical arbiter of the "FY26 GCP Mandate." Following our Strategic Agreement with Google Cloud Platform, this role is tasked with the high-stakes mission of accelerating Generative AI capabilities by year-end. You will be the primary architect responsible for balancing aggressive "Speed to Value" with "Secure by Default" principles across the GCP Foundation. This is not a theoretical role; you will translate complex architectural assessments into a hardened, production-ready ecosystem that protects enterprise data while enabling cutting-edge Agentic AI workflows.


    2. Core Responsibilities: GenAI Governance & Implementation

    The architect will operationalize the "Model Armor Recommendation Framework" to ensure no GenAI traffic bypasses established security controls.

    Model Armor Floor Settings: Enforce non-negotiable safety baselines via Terraform at the Folder and Project levels. You must implement the "Block vs. Redact" decision matrix: Block for Malicious Intent (Jailbreak, Prompt Injection) and Redact for Incidental Sensitivity (PII/PHI in prompts/responses).

    Secure Authentication Passthrough: Architect secure Agent-to-Agent (A2A) and MCP Server workflows using the Google Agent Development Kit (ADK) and OAuth2, ensuring the original user's identity is propagated for downstream actions like BigQuery deletions.

    Agentic AI Security: Secure the Vertex AI Agent Engine to prevent "rogue agent" commands. Enforce least-privilege access for agents interacting with BigQuery and AlloyDB, utilizing BigQueryCredentialsConfig to decouple authentication from the tool lifecycle.

    Policy Enforcement: Establish "Fail-Closed" policies where GenAI traffic is automatically blocked if Model Armor or security inspection services are unreachable.

    Technical Implementation: Configure safety attribute thresholds (e.g., Toxicity, Hate Speech) with high-confidence (0.7+) blocking and flagging protocols.


    3. Core Responsibilities: Enterprise Cloud Networking

    You will manage a complex, global network topology based on the "VPC Service Controls Strategy," ensuring strict isolation between core foundations and legacy assets.

    Topology Management: Enforce a strict Hub-and-Spoke network topology. You will standardize the naming convention across all environments: 0p (Production), 0n (Non-Production), 0d (Dev), 0s (Stage), and 0t (Test).

    Perimeter Defense: Design and validate VPC Service Controls (VPC-SC) to prevent data exfiltration.

    Traffic Security: Standardize SSL Policies using the RESTRICTED profile and a minimum of TLS 1.2 across all Load Balancer proxies (e.g., admin-api-https-proxy, braze-proxy-htts-proxy).

    Firewall Governance: Implement Hierarchical Firewall Policies at the Organization level to enforce a "deny-all outbound" default posture.

    Hybrid Connectivity: Validate and enforce Partner Interconnect encrypted VLAN attachments for all traffic traversing from on-premise to GCP.


    4. Core Responsibilities: Identity, Data Security, & Compliance

    Synthesize the IAM Strategy and Data Security Checklist into a Zero Trust architectural mandate.


    Security Domain: Architectural Mandate

    IAM & Identity: Enforce Workload Identity Federation (WIF) for all CI/CD and GKE workloads. Implement a "Service Account Reaper" to automate the disabling of accounts inactive for 90+ days.

    Privileged Access: Implement Just-in-Time (JIT) Data Access via Privileged Access Manager (PAM) for BigQuery, ensuring analysts have session-based elevation rather than standing access to PII/PCI tables.

    Data Protection: Mandate Customer-Managed Encryption Keys (CMEK) for "Confidential" and "Restricted" data using Cloud KMS Autokey for simplified lifecycle management.

    Audit & Logging: Enable and monitor BigQuery Data Access Logs (DATA_READ/DATA_WRITE) in all production projects to catch and alert on unauthorized query attempts (Status Code 7).

    Compliance: Maintain PCI DSS readiness for the Cardholder Data Environment (CDE) and ensure alignment with CIS Foundations Benchmarks.


    5. Technical Qualifications & Tech Stack Expertise

    IaC Mastery: Expert-level Terraform for provisioning projects, hierarchical labels, and Model Armor floor settings (using google_model_armor_floorsetting).

    GCP AI Stack: Deep knowledge of Vertex AI Agent Engine, Agent Development Kit (ADK), and Model Context Protocol (MCP).

    Security Tooling: Hands-on experience with Google Cloud Armor, Cloud KMS Autokey, VPC Service Controls, and Security Command Center (SCC).

    Confidential Computing: Expertise in Confidential VMs (AMD SEV-SNP) for GKE nodes and Compute instances processing sensitive models or PII.

    Data Architecture: High familiarity with BigQuery, AlloyDB, and Dataplex aspect types for metadata and classification.


    6. Resource Governance & Operational Excellence

    The architect is responsible for the integrity of the organizational resource hierarchy and must resolve existing technical debt:

    Anomaly Remediation: Identify and migrate "Root Level Anomalies" into governed folder structures.

    Labeling Standardization: Standardize project labeling (team, environment, cost attribution) across all business units. Immediate priority is bringing the Legacy-CRM migration folder into alignment with the GCP Foundation naming and labeling standards.

    Drift Detection: Utilize Cloud Asset Inventory (CAI) to query for resources with the secure tag env:prod to ensure strict security settings are applied dynamically and consistently.


    Thank you,

    Shiva Mittal