About Bolt Group

Bolt Group builds custom AI and software solutions for fast-growing companies across commercial real estate, healthcare, consumer, and emerging tech. Our team of 13+ engineers (primarily US and LATAM) delivers end-to-end product builds, DevOps infrastructure, and AI implementation for clients ranging from SMB and startups to publicly traded companies.

We are now hiring a contract DevOps Engineer to set up a production-grade Google Cloud Platform (GCP) environment. This will be a project-based engagement to start, with potential for ongoing part-time support.

Engagement

- Type: Project-based contract with potential part-time ongoing support
- Reporting to: Bolt Group engineering leadership & client CTO
- Location constraint: All cloud services and data residency must remain US-based (e.g., us-central1/us-east1/us-west* regions)

What You’ll Own (Start-to-Finish Buildout)

- Infrastructure as Code: Stand up GCP environment using Terraform (projects, folders, IAM, service accounts, org policies, budgets, alerts).
- Networking: Design and implement VPC, subnets, NAT, private service access, firewall rules, routing, and environment isolation (dev/stage/prod).
- Kubernetes: Provision GKE (Autopilot or Standard as justified), node pool strategy, cluster hardening, workload identity, secrets management, PodSecurity, network policies.
- Artifact & CI/CD:
  - Choose and implement CI/CD for three applications (Cloud Build or GitHub Actions), with gated promotions and per-env configs.
  - Container build pipeline (Buildpacks or Docker), image scanning, SBOMs, and deployment strategies (blue/green or rolling).
- Static/Media Delivery: GCS buckets with Cloud CDN for images/media, signed URLs, cache keys, and invalidations.
- Observability: Logging/metrics/tracing via Cloud Logging/Monitoring (and/or Prometheus/Grafana), alerting SLOs, uptime checks, error reporting.
- Security & Compliance Guardrails: Org policies to enforce US-only regions, least-privilege IAM, secret rotation, binary authorization (if applicable), and basic backup/DR strategy.
- Cost Controls: Budgets, alerts, labels, baseline FinOps hygiene; simple usage dashboards.
- Knowledge Transfer: Clear RUNBOOKS and handoff docs; lightweight training for client engineers to continue Terraform maintenance.

Success Looks Like

- Reproducible Terraform plan/apply for dev, stage, prod, with US-region enforcement.
- GKE cluster(s) deployed and secured; apps deployed via CI/CD with per-env configs and rollout controls.
- GCS + Cloud CDN serving assets with correct caching and access controls.
- Dashboards and alerts in place; on-call ready basics documented.
- Handoff complete so the internal team can iterate without you.

Must-Haves

- 4+ years professional DevOps/SRE with GCP at production scale.
- Strong Terraform module design and environment strategy.
- GKE/Kubernetes expertise: workload identity, network policies, RBAC, ingress, autoscaling, secrets.
- VPC design, private networking, NAT, firewalling, and service perimeters.
- CI/CD with Cloud Build and/or GitHub Actions (build, test, scan, deploy).
- GCS + Cloud CDN setup for static/media delivery.
- Production observability on GCP, actionable alerts, incident hygiene.
- Security fundamentals: IAM least privilege, secret management, org policy constraints, image scanning.
- Clear technical writing for runbooks and handoffs.

Nice-to-Haves

- Binary Authorization, Cloud Armor/WAF, Cloud SQL/AlloyDB/Istio experience.
- Prometheus/Grafana on GKE; OpenTelemetry.
- FinOps guardrails for early-stage teams.
- Familiarity with React/TypeScript back-end admin tools (for occasional collaboration with the app team).

What You’ll Deliver (Milestones)

- Architecture doc and Terraform plan (projects, IAM, org policies, VPC).
- Budgets/alerts; region policy to restrict to US.
- GKE cluster(s) live with baseline hardening.
- CI/CD pipelines for multiple apps with gated promotions.
- GCS + Cloud CDN configured and verified.
- Dashboards/alerts, error reporting, runbooks.
- Cost checks, final security pass, and knowledge transfer.

Screening Process (fast and practical)

- Portfolio/Resume review focused on recent GCP + Terraform + GKE work.
- Technical interview: walk through a prior GKE/Terraform environment you built, tradeoffs you made, and how you enforced region constraints.