GCP Security SME I Architecture I Engineering

  • Vakgebied IT
  • Dienstverband Fulltime
  • Vacaturenummer VAC-10027614
  • Locatie Veldhoven
  • Type overeenkomst Secondment via YER
  • Branche IT & Telecom

Over deze vacature

ASML brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. They design, develop, integrate, market and service these advanced machines, which enable our customers – the world’s leading chipmakers – to reduce the size and increase the functionality of their clients microchips, which in turn leads to smaller, more powerful consumer electronics.

ASML has prioritized to apply Cloud throughout its IT services landscape. The Cloud Center of Excellence (CCoE) is responsible for developing and operating the Microsoft Azure and Google Cloud Platform that is used within all regions where ASML has a significant presence.

Job Mission

As a Cloud Security Specialist you design and implement a secure end-to-end infrastructure on a GCP/Azure in an hybrid cloud setup. The GCP/Azure Security Specialist should be hands-on in all aspects of GCP/Azure security including implementing security controls and threat protection, managing identity and access management, defining organizational structure and policies, using Google & Azure technologies in order to provide data protection, configuring network security defenses, collecting and analyzing Azure logs, managing incident responses, and an understanding of regulatory concerns.

This role is part of the Cloud Center of Excellence (CCoE). This team’s vision is to provide a flexible and reliable cloud platform to enable accelerated and sustainable adoption of cloud across ASML and maximizing the ability to realize its benefits while reducing risks. In this role you will work closely together with products owners, cloud & security architects and cloud engineers to help build a secure and robust enterprise-grade cloud platform.


  • Maintain and improve the security posture of the GCP/Azure platform, identifying, and remediating vulnerabilities by using a variety of security tools.
  • Provide cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks.
  • Implement and configure security controls and policies, manage access to data, and monitor threats to ensure that apps, containers, infrastructure, and networks are protected.
  • Implementing threat protection and responding to security incident escalations.
  • Automate security controls, data, and processes to provide better metrics and operational support using security-as-code.
  • Configure access within a cloud solution environment using the defense-in-depth principle
  • Configure network security including in a hybrid context with traditional network centric controls Public
  • Ensure data protection
  • Manage operations within a cloud solution environment such as operations tasks, using cloud native tools, like Log Analytics, Azure Monitor and Azure Security Center or other monitoring tooling.
  • Support our cloud engineers to implement security best-practices and enable secure development and release processes.
  • Ensure compliance
  • Deliver/update documentation (e.g. operational tasks) on CCoE wiki.
  • Be part of a multidisciplinary DevOps team which takes ownership of both new development and operational activities.


  • Bachelor’s/Master degree in IT, Business Management, Computer Science or Electronics


ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.

ASML is headquartered in Veldhoven, the Netherlands.


You will be employed by YER and seconded to ASML. We offer:

  • Good employee benefits
  • Challenging assignments
  • Excellent guidance from your consultant and YER's back office
  • Development opportunities, including the YER Talent Development Programme with a personal coach
  • Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
  • Cooperative and results and relationship-driven
  • Friendly atmosphere and open culture
  • Community/network with other technology professionals from a variety of multinationals
  • Events and master classes with interesting speakers and attractive companies


  • Expertise in building and maintaining secure cloud solutions.
  • Understand agile and DevSecOps concepts in a security context such as “trust but verify”, central vs decentral controls, make agile teams as autonomous as possible while ensuring the teams adhere to the NonFunctional-Requirements.
  • Proven experience with Azure & GCP
  • A deep understanding of networking, e.g. IP subnetting, Network Security Groups, routing, Azure Firewall, ExpressRoute, load balancer, DNS.
  • A deep understanding of configuring security policies and securing applications and data.
  • Strong familiarity with cloud capabilities and products and services for Azure, e.g. Azure Active Directory, Privileged Identity Management, VMs, Container Registry, Azure Kubernetes Services (AKS), Data Services, KeyVault.
  • Strong familiarity with cloud native tools in GCP/Azure, e.g. Azure Monitor, Log Analytics, Azure Security Center.
  • Strong skills in scripting and automation, Infrastructure-as-Code (IaC) and using CI/CD concepts.
  • Experience with pipeline tooling for automated deployments and applying security controls. Experience with Azure DevOps Pipelines is preferred but also other tools like Jenkins, Bamboo, Buildkite are a pre.
  • Experience with infrastructure orchestration (IaC) tools such as Terraform and other cloud-specific infrastructure automation tools (Azure Resource Manager, Google Cloud Deployment Manager) to automate the creation of staging, testing and production environments.
  • Experience with configuration management / desired state automation / compliance tools such as Ansible, Inspec, Azure Policy, Google Forseti, Puppet, to configure, monitor and automatically enforce security controls where needed to ensure compliancy.
  • Proficient in Linux system design, automation, and operation.
  • Understand the concepts of Site Reliability Engineering (SRE) to maximize automation, reduce waste, increase scale and apply systemic thinking is a pre.
  • Work experience from large, international companies and have dealt with or worked for global service providers.
  • Security certifications such as Azure Security Engineer Associate or GCP Professional Cloud Security Engineer are explicitly very beneficial. Also industry certifications are considered as beneficial e.g., CISSP,CSSP, CCSK, GIAC, CEH …