Job Description
We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.
Principal Cloud Engineer / GCP Platform Technical Lead
Who are you
You are a cloud-first, hands-on Principal Engineer and the authoritative technical voice for the enterprise Google Cloud Platform (GCP) environment. You bring deep engineering expertise, strong architectural judgment, and a platform-owner mindset to design, build, and operate a secure, scalable, and production-grade GCP landing zone in highly regulated environments.
You are equally comfortable setting technical vision, writing production-grade code, documenting complex decisions through Architecture Decision Records (ADRs), and guiding teams through disciplined execution. You influence engineers and stakeholders through clarity of thought, strong design rationale, and operational rigor.
You believe Infrastructure as Code, security-by-design, automation, and observability are foundational—not optional. You are motivated by building durable, self-service platforms that empower teams to move quickly while maintaining reliability, compliance, and enterprise governance.
Role Responsibilities
Development & Enforcement
- Own the enterprise GCP platform end-to-end, including organization structure, resource hierarchy, billing, networking architecture, IAM tiering, CMEK, VPC Service Controls, and centralized logging.
- Define, build, and maintain the enterprise GCP Landing Zone, including Shared VPC, project factory patterns, Org Policies, and governance guardrails.
- Serve as the final technical authority on GCP architecture and engineering decisions, ensuring scalability, security, reliability, and production readiness.
- Establish and enforce engineering standards across Infrastructure as Code, GitOps workflows, naming conventions, tagging strategies, branching models, and deployment practices using Terraform and Kubernetes Config Connector (KCC).
Collaboration & Expertise
- Act as the technical anchor and senior-most individual contributor for the GCP Cloud Engineering and Platform teams.
- Partner closely with enterprise architecture, security, networking, operations, and application teams to translate business and regulatory requirements into scalable platform capabilities.
- Collaborate across technology towers and platform teams (including AI and provisioning platforms) to enable consistent, secure, and efficient cloud adoption.
- Influence cloud strategy across CSPs while driving GCP as the primary enterprise platform of choice.
Analysis & Configuration
- Design and engineer enterprise-grade GCP networking, including Shared VPC, NCC hub-and-spoke architectures, VPC Service Controls, Private Service Connect, Cloud NAT, and hybrid connectivity using Cloud Interconnect and HA VPN.
- Architect and operate secure private GKE clusters using Workload Identity, Binary Authorization, Shielded Nodes, Config Sync, and least-privilege IAM patterns.
- Define identity and access strategies leveraging IAM, group-based access, PAM entitlements, Workload Identity Federation, and Entra ID integration.
- Evaluate platform designs for cost efficiency, performance, resilience, and long-term sustainability.
Operational Support
- Build and maintain self-service platform capabilities enabling product teams to deploy safely and independently.
- Integrate observability as a first-class platform feature using Cloud Monitoring, Cloud Logging, Datadog, SLIs/SLOs, alerting policies, and PagerDuty.
- Design and operate CI/CD and automation infrastructure, including self-hosted GitHub Actions runners on GKE using ARC.
- Manage secrets and encryption lifecycle using Secret Manager, CMEK, External Secrets Operator, and automated key rotation.
- Participate in on-call rotation and provide L3 escalation support for platform and infrastructure incidents.
- Drive continuous, automated compliance for regulatory frameworks such as HIPAA, PCI-DSS, SOC 2, and FedRAMP.
Mentorship & Training
- Mentor engineers at all levels, raising the bar for cloud engineering excellence, security, and operational maturity.
- Lead and participate in architecture, design, code, and security reviews for all platform changes.
- Coach engineers on GCP best practices, cloud-native design patterns, and operational excellence.
- Build long-term technical depth and leadership capability within the cloud engineering organization.
Innovation and Research
- Evaluate and pilot emerging GCP and cloud-native capabilities, including GKE Enterprise, Vertex AI, and AI-assisted DevOps tooling.
- Research modern Kubernetes, networking, and platform engineering patterns to improve scalability, security, and developer experience.
- Explore AI-driven infrastructure operations and automation opportunities.
- Foster a culture of disciplined experimentation with measurable outcomes.
Strategic Planning
- Own and drive the GCP platform roadmap aligned with enterprise priorities and regulatory requirements.
- Author, maintain, and socialize Architecture Decision Records (ADRs) for major platform decisions.
- Embed FinOps practices into the platform, including cost allocation, budget alerting, committed use discounts, and rightsizing.
- Influence long-term cloud transformation initiatives and ensure platform scalability aligns with business growth and compliance needs.
Qualifications
Basic Qualifications
- 10+ years of experience in infrastructure or cloud engineering, with 5+ years of deep, hands-on GCP experience at enterprise scale.
- 5+ years of experience with proven ownership of a GCP Organization, including resource hierarchy, billing, Org Policy, IAM, and multi-project governance.
- 5+ years of demonstrated technical leadership as a principal engineer or platform owner for a major enterprise cloud initiative.
- 3+ years of experience with cloud implementation best practices and the well-architected framework.
- 6+ years of deep expertise across GCP services, including:
  - Compute & Containers: GKE (Private, Autopilot & Standard), Cloud Run, Compute Engine, MIGs
  - Networking: Shared VPC, NCC, VPC Service Controls, Private Service Connect, Cloud Armor, Interconnect, HA VPN
  - Security & Identity: IAM, Workload Identity, WIF, PAM, Binary Authorization, Security Command Center, Secret Manager, CMEK
  - Data & Messaging: BigQuery, Pub/Sub, Cloud Storage, Dataflow, Cloud Composer
  - IaC & Automation: Terraform (modules, remote state, policy-as-code), KCC, Cloud Build, GitOps
  - Observability: Cloud Operations Suite, Datadog, SLIs/SLOs, PagerDuty
- 1+ years of experience implementing agentic AI and creating agents.
Preferred Qualifications
- Strong programming and scripting experience in Python and Go; Bash required. PowerShell experience a plus.
- Experience operating and supporting production platforms in regulated environments.
- Google Cloud Professional Cloud Architect and/or Professional DevOps Engineer certification.
- HashiCorp Terraform Associate or Professional certification.
- Experience with Palo Alto VM-Series NGFW and F5 BIG-IP VE in GCP.
- Familiarity with Anthos, GKE Enterprise, and multi-cloud connectivity patterns.
- Experience with Vertex AI, LLM and enterprise MLOps patterns.
- Healthcare or other highly regulated industry experience (HIPAA, SOC 2, PCI-DSS, FedRAMP).
- Experience with advanced CI/CD runner infrastructure and multi-OS build environments.
Education
Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent experience (High School diploma + 4 years of relevant experience)
Pay Range
The typical pay range for this role is:
$144,200.00 - $288,400.00
This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.
Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people
We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.
This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.
Additional details about available benefits are provided during the application process and on Benefits Moments.
We anticipate the application window for this opening will close on: 07/11/2026
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.