Policy as Code Engineer / Testers - Bangalore, India - JPMC

Key Responsibilities:

Policy as Code Development & Testing:

• Design, implement, and maintain Rego policies for cloud resources, ensuring that security, compliance, and operational policies are enforced.
• Write and maintain unit, integration, and acceptance tests for policy as code to ensure that policies are correctly applied in different environments.
• Collaborate with security teams to define and translate security and compliance requirements into actionable Rego policies.

Cloud Infrastructure Policy Management:

• Ensure that GCP cloud resources (e.g., Compute Engine, Kubernetes, Cloud Storage, IAM, BigQuery, etc.) are configured according to company policies and regulatory requirements.
• Automate policy enforcement and validation for cloud resources using OPA and other policy enforcement tools.

Automation & CI/CD Integration:

• Integrate Rego policy tests and enforcement into CI/CD pipelines to ensure that policies are tested and applied consistently across environments.
• Work with DevOps teams to automate policy validation as part of the deployment and provisioning workflows.

Collaboration & Documentation:

• Collaborate with cross-functional teams (DevOps, Security, Compliance) to ensure that the policies meet business, security, and regulatory requirements.
• Create and maintain documentation for policies, tests, and guidelines for policy-as-code best practices.

Continuous Improvement:

• Stay up-to-date with the latest trends, tools, and best practices in cloud security, policy-as-code, and GCP services.
• Identify opportunities to improve policy automation and testing processes for cloud environments.

Skills & Qualifications:

Required:

Strong Experience with Rego / OPA:

• Hands-on experience writing policies using Rego for Open Policy Agent (OPA) to enforce cloud security and operational best practices.

Deep Knowledge of Google Cloud Platform (GCP):

• Extensive experience with GCP services such as IAM, Compute Engine, Kubernetes Engine, Cloud Storage, BigQuery, VPC, Cloud Functions, and more.
• Understanding of GCP-specific security controls, best practices, and compliance frameworks (e.g., CIS benchmarks, SOC 2, HIPAA, etc.).

Cloud Security & Compliance:

• Experience working with cloud security frameworks and tools, including infrastructure as code (IaC) principles.
• Knowledge of security and compliance requirements for cloud-based environments (e.g., GDPR, SOC 2, PCI-DSS).

Automated Testing & CI/CD:

• Proficiency in test-driven development (TDD) and automated testing frameworks.
• Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI, GitHub Actions) for automating policy testing and enforcement.

Programming / Scripting Skills:

• Proficiency in at least one programming or scripting language, such as Python, Go, Shell, or JavaScript.

Version Control & Collaboration Tools:

• Experience with version control systems, particularly Git, and collaborating on code repositories (e.g., GitHub, GitLab).

Preferred:

• Experience with Other Policy Engines:
  • Familiarity with other policy engines like Kubernetes admission controllers, Sentinel, or KubernetesOPA is a plus.
• Cloud Security Tools & Practices:
  • Hands-on experience with cloud security posture management (CSPM) tools, vulnerability scanning, and incident response.
• Certifications:
  • Google Cloud Certified - Professional Cloud Security Engineer or equivalent is a plus.
  • OPA or other security certifications are a plus.