TechJobBoard
Why TechJobBoard?

SoFi

Google Workspace & Cloud Engineer

at SoFi

MT - Helena, UT - Cottonwood Heights


Employee Applicant Privacy Notice

Who we are:

Shape a brighter financial future with us.

Together with our members, we’re changing the way people think about and interact with personal finance.

We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

About the Role

SoFi’s Corporate Applications team is responsible for the platforms that power employee productivity, identity, and secure access across the company. As our environment continues to evolve, we are investing in stronger platform ownership, automation, and governance across Google Workspace, Google Cloud Platform (GCP), and our broader SaaS ecosystem.

We are seeking a Google Workspace & GCP Engineer with primary ownership of Google Workspace and GCP Administration with a strong security, automation, and governance mindset. This role supports and stabilizes a multi-domain environment while driving improvements in security posture, automation maturity, documentation, cloud identity management, and third-party application governance.

We use ServiceNow and Jira to manage requests, change workflows, and operational automations. In this role, you’ll partner with tool owners and automation engineers to ensure platform changes and lifecycle processes are reliable, traceable, and continuously improved.

This role reports directly to the hiring manager and will be trusted with meaningful platform responsibilities early, with opportunities to take on broader ownership as experience and judgment are demonstrated. Access to Google Workspace, GCP, Slack, and integrated SaaS platforms is centrally managed through an identity provider, with a strong emphasis on consistent identity, access, and lifecycle controls.

Primary platforms are Google Workspace and GCP.
Secondary responsibilities include governance and backup administration for Slack and other SaaS tools that integrate with Google Workspace and GCP.


What You’ll Do

  • Administer Google Workspace (multi-domain) and GCP in a production environment

  • Execute Joiner/Mover/Leaver lifecycle management, including provisioning, deprovisioning, and license governance

  • Manage OUs, groups, shared drives, Gmail, Drive, Calendar, Chrome Enterprise, and Workspace service configurations

  • Administer GCP org structure (org, folders, projects) and enforce least-privilege IAM role assignments

  • Govern service accounts, APIs, and automation access across Workspace and GCP

  • Integrate and align access controls across Google Workspace, GCP, and Okta

  • Monitor audit logs, detect risky access/sharing patterns, and support security investigations

  • Administer Google Vault retention policies and legal holds

  • Review and govern OAuth apps and third-party integrations (allow/deny, exceptions, access reviews)

  • Partner on CASB/SSPM remediation and proactively reduce SaaS and cloud risk

  • Identify cloud/SaaS cost inefficiencies and recommend optimization opportunities

  • Automate administration using GAM/GAMADV-XTD3, Google Admin SDK APIs, and scripting (Python, Bash, PowerShell)

  • Partner with automation engineers to pilot and operationalize agentic AI tooling for admin workflows (triage, access reviews, drift detection), including validation, logging, and change controls.

  • Partner with ServiceNow/Jira tool owners to improve workflow-driven automations for access, lifecycle, and governance (routing, approvals, notifications, evidence)

  • Improve reliability and scalability of lifecycle, license, and access governance automation

  • Operate within structured ITSM processes (ServiceNow), maintain documentation/runbooks, and support CMDB accuracy

  • Provide secondary governance support for Slack and integrated SaaS platforms
     

What You’ll Need

  • 3+ years hands-on Google Workspace administration experience in production

  • 2+ years Scripting proficiency (Python, Bash, or PowerShell)

  • 2+ years working knowledge of GCP IAM, project administration, and service account governance

  • Experience governing Slack and integrated SaaS applications with a focus on identity alignment, access control, and compliance

  • Strong understanding of IAM, least-privilege access, and risk-based security controls

  • Experience with GAM or GAMADV-XTD3

  • Experience with enterprise identity providers (e.g., Okta), including SSO and SCIM provisioning

  • Familiarity with audit logging, compliance controls, and OAuth governance

  • Experience working within structured ITSM environments (ServiceNow preferred)

  • ServiceNow experience preferred (incident, request, change workflows)

  • Understanding of CMDB concepts and change management processes

  • Strong written and verbal communication skills

  • Experience stabilizing or modernizing legacy environments

Compensation and Benefits
The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location. 
 
To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
The Company hires the best qualified candidate for the job, without regard to protected characteristics.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
New York applicants: Notice of Employee Rights
SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com.
Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.
Internal Employees
If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.
TechJobBoard

Search open jobs in the tech industry faster and find your match.

© 2023 TechJobBoard. All rights reserved.