We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.
Principal Cloud Engineer / GCP Platform Technical Lead
Who are you
You are a cloud-first, hands-on Principal Engineer and the authoritative technical voice for the enterprise Google Cloud Platform (GCP) environment. You bring deep engineering expertise, strong architectural judgment, and a platform-owner mindset to design, build, and operate a secure, scalable, and production-grade GCP landing zone in highly regulated environments.
You are equally comfortable setting technical vision, writing production-grade code, documenting complex decisions through Architecture Decision Records (ADRs), and guiding teams through disciplined execution. You influence engineers and stakeholders through clarity of thought, strong design rationale, and operational rigor.
You believe Infrastructure as Code, security-by-design, automation, and observability are foundational—not optional. You are motivated by building durable, self-service platforms that empower teams to move quickly while maintaining reliability, compliance, and enterprise governance.
Role Responsibilities
Development & Enforcement
- Own the enterprise GCP platform end-to-end, including organization structure, resource hierarchy, billing, networking architecture, IAM tiering, CMEK, VPC Service Controls, and centralized logging.
- Define, build, and maintain the enterprise GCP Landing Zone, including Shared VPC, project factory patterns, Org Policies, and governance guardrails.
- Serve as the final technical authority on GCP architecture and engineering decisions, ensuring scalability, security, reliability, and production readiness.
- Establish and enforce engineering standards across Infrastructure as Code, GitOps workflows, naming conventions, tagging strategies, branching models, and deployment practices using Terraform and Kubernetes Config Connector (KCC).
- Act as the technical anchor and senior-most individual contributor for the GCP Cloud Engineering and Platform teams.
- Partner closely with enterprise architecture, security, networking, operations, and application teams to translate business and regulatory requirements into scalable platform capabilities.
- Collaborate across technology towers and platform teams (including AI and provisioning platforms) to enable consistent, secure, and efficient cloud adoption.
- Influence cloud strategy across CSPs while driving GCP as the primary enterprise platform of choice.
- Design and engineer enterprise-grade GCP networking, including Shared VPC, NCC hub-and-spoke architectures, VPC Service Controls, Private Service Connect, Cloud NAT, and hybrid connectivity using Cloud Interconnect and HA VPN.
- Architect and operate secure private GKE clusters using Workload Identity, Binary Authorization, Shielded Nodes, Config Sync, and least-privilege IAM patterns.
- Define identity and access strategies leveraging IAM, group-based access, PAM entitlements, Workload Identity Federation, and Entra ID integration.
- Evaluate platform designs for cost efficiency, performance, resilience, and long-term sustainability.
- Build and maintain self-service platform capabilities enabling product teams to deploy safely and independently.
- Integrate observability as a first-class platform feature using Cloud Monitoring, Cloud Logging, Datadog, SLIs/SLOs, alerting policies, and PagerDuty.
- Design and operate CI/CD and automation infrastructure, including self-hosted GitHub Actions runners on GKE using ARC.
- Manage secrets and encryption lifecycle using Secret Manager, CMEK, External Secrets Operator, and automated key rotation.
- Participate in on-call rotation and provide L3 escalation support for platform and infrastructure incidents.
- Drive continuous, automated compliance for regulatory frameworks such as HIPAA, PCI-DSS, SOC 2, and FedRAMP.
- Mentor engineers at all levels, raising the bar for cloud engineering excellence, security, and operational maturity.
- Lead and participate in architecture, design, code, and security reviews for all platform changes.
- Coach engineers on GCP best practices, cloud-native design patterns, and operational excellence.
- Build long-term technical depth and leadership capability within the cloud engineering organization.
- Evaluate and pilot emerging GCP and cloud-native capabilities, including GKE Enterprise, Vertex AI, and AI-assisted DevOps tooling.
- Research modern Kubernetes, networking, and platform engineering patterns to improve scalability, security, and developer experience.
- Explore AI-driven infrastructure operations and automation opportunities.
- Foster a culture of disciplined experimentation with measurable outcomes.
- Own and drive the GCP platform roadmap aligned with enterprise priorities and regulatory requirements.
- Author, maintain, and socialize Architecture Decision Records (ADRs) for major platform decisions.
- Embed FinOps practices into the platform, including cost allocation, budget alerting, committed use discounts, and rightsizing.
- Influence long-term cloud transformation initiatives and ensure platform scalability aligns with business growth and compliance needs.
- 10+ years of experience in infrastructure or cloud engineering, with 5+ years of deep, hands-on GCP experience at enterprise scale.
- 5+ years of experience with proven ownership of a GCP Organization, including resource hierarchy, billing, Org Policy, IAM, and multi-project governance.
- 5+ years of demonstrated technical leadership as a principal engineer or platform owner for a major enterprise cloud initiative.
- 3+ years of experience with cloud implementation best practices and well-architected framework.
- 6+ years of deep expertise across GCP services, including:
  - Compute & Containers: GKE (Private, Autopilot & Standard), Cloud Run, Compute Engine, MIGs
  - Networking: Shared VPC, NCC, VPC Service Controls, Private Service Connect, Cloud Armor, Interconnect, HA VPN
  - Security & Identity: IAM, Workload Identity, WIF, PAM, Binary Authorization, Security Command Center, Secret Manager, CMEK
  - Data & Messaging: BigQuery, Pub/Sub, Cloud Storage, Dataflow, Cloud Composer
  - IaC & Automation: Terraform (modules, remote state, policy-as-code), KCC, Cloud Build, GitOps
  - Observability: Cloud Operations Suite, Datadog, SLIs/SLOs, PagerDuty
- 1+ years of experience implementing agentic AI and creating agents.
- Strong programming and scripting experience in Python and Go; Bash required. PowerShell experience a plus.
- Experience operating and supporting production platforms in regulated environments.
- Google Cloud Professional Cloud Architect and/or Professional DevOps Engineer certification.
- HashiCorp Terraform Associate or Professional certification.
- Experience with Palo Alto VM-Series NGFW and F5 BIG-IP VE in GCP.
- Familiarity with Anthos, GKE Enterprise, and multi-cloud connectivity patterns.
- Experience with Vertex AI, LLM and enterprise MLOps patterns.
- Healthcare or other highly regulated industry experience (HIPAA, SOC 2, PCI-DSS, FedRAMP).
- Experience with advanced CI/CD runner infrastructure and multi-OS build environments.
Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent experience (High School diploma + 4 years of relevant experience)
Pay Range
The typical pay range for this role is:
$144,200.00 - $288,400.00
This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.
Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people
We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.
Additional details about available benefits are provided during the application process and on Benefits Moments.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.
CVS Health Edison, New Jersey, USA Office
Edison, United States
CVS Health Elizabeth, New Jersey, USA Office
Elizabeth, United States
CVS Health Florham Park, New Jersey, USA Office
Florham Park, United States
CVS Health Hoboken, New Jersey, USA Office
Hoboken, United States
CVS Health Jersey City, New Jersey, USA Office
Jersey City, United States
CVS Health Montclair, New Jersey, USA Office
Montclair, United States
CVS Health New Brunswick, New Jersey, USA Office
New Brunswick, United States
CVS Health New Rochelle, New York, USA Office
New Rochelle, United States
CVS Health New York, New York, USA Office
New York, United States
CVS Health Newark, New Jersey, USA Office
Newark, United States
CVS Health North Brunswick, New Jersey, USA Office
North Brunswick, United States
CVS Health Paterson, New Jersey, USA Office
Paterson, United States
CVS Health Teaneck, New Jersey, USA Office
Teaneck, United States
CVS Health Yonkers, New York, USA Office
Yonkers, United States



