Google Cloud Managed Instance Groups on Assured Workloads
Title:
Google Cloud Engineer – Windows Server MIG with Per-User VM Access (IAP + MFA)
Description:
We need help designing and implementing a secure, scalable Windows Server environment in Google Cloud Platform using Managed Instance Groups (MIGs).
The goal: Each user gets their own Windows VM (1 user = 1 VM), accessed securely through Google Identity-Aware Proxy (IAP) with MFA. No Active Directory or Okta.
Requirements:
Build a golden Windows Server image with apps preinstalled (Adobe Reader, Office, browser).
Configure a Managed Instance Group (MIG) to spin up VMs from this image.
Implement a broker layer (Cloud Function/Run + Firestore or equivalent) that:
Checks if a user already has a VM assigned.
If not, provisions one, labels it with the user’s email, and grants them IAP access to that VM only.
Ensure IAP is the only way to RDP into these VMs.
On VM startup, a script should create a local Windows account matching the assigned user and generate a secure password (stored in Google Secret Manager).
Optional: Implement cleanup logic to reclaim idle VMs.
Provide documentation and handoff so we can manage and scale the system after delivery.
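The broker layer described in the requirements above, as an added example that is not part of the job posting: it keeps one record per user in a state store, labels the candidate VM with a label-safe form of the e-mail, and rewrites the instance-level IAM policy so that `roles/iap.tunnelResourceAccessor` is held by that user alone. The store and compute client are in-memory stand-ins (assumed names `FakeStateStore`, `FakeCompute`, `assign_vm`, `bind_single_user`, `label_value`) so the logic runs offline; in the real service they would be a Firestore collection and the Compute Engine v1 `instances().getIamPolicy` / `setIamPolicy` / `setLabels` calls, and the instance handed to `assign_vm` is one the MIG has already created.

```python
"""
Per-user VM broker: map one user to one Windows VM and grant that user, and
only that user, IAP TCP-forwarding (RDP) access to it.

Added example, not code from the job posting. Assumptions:
  - a Firestore-like state store with get/set keyed by user e-mail
  - a Compute client exposing get/set IAM policy and set labels per instance
    (in-memory fakes here; google-cloud-firestore and the compute v1
    discovery client in production)
  - the MIG has already created the instance passed as candidate_instance
"""
from dataclasses import dataclass, field

# Role that allows opening an IAP TCP tunnel to an instance (RDP over IAP).
IAP_TUNNEL_ROLE = "roles/iap.tunnelResourceAccessor"


@dataclass
class FakeStateStore:
    """Stands in for a Firestore collection 'assignments' keyed by e-mail."""
    docs: dict = field(default_factory=dict)

    def get(self, email):
        return self.docs.get(email)

    def set(self, email, doc):
        self.docs[email] = doc


@dataclass
class FakeCompute:
    """Stands in for compute.instances().getIamPolicy/setIamPolicy/setLabels."""
    policies: dict = field(default_factory=dict)
    labels: dict = field(default_factory=dict)

    def get_iam_policy(self, zone, instance):
        # A fresh instance has no bindings; the real API also returns an etag.
        return self.policies.get((zone, instance), {"bindings": [], "etag": "ACAB"})

    def set_iam_policy(self, zone, instance, policy):
        self.policies[(zone, instance)] = policy
        return policy

    def set_labels(self, zone, instance, labels):
        self.labels[(zone, instance)] = labels


def label_value(email):
    """Compute label values allow only lowercase letters, digits, '_' and '-',
    max 63 chars, so '@' and '.' in an e-mail must be replaced."""
    return "".join(c if c.isalnum() else "-" for c in email.lower())[:63]


def bind_single_user(policy, email):
    """Return a policy in which IAP_TUNNEL_ROLE is held by exactly this user.
    Other roles' bindings are preserved; any previous holder of the tunnel
    role on this instance is dropped, so access never accumulates."""
    member = f"user:{email}"
    bindings = [b for b in policy.get("bindings", []) if b["role"] != IAP_TUNNEL_ROLE]
    bindings.append({"role": IAP_TUNNEL_ROLE, "members": [member]})
    return {"bindings": bindings, "etag": policy.get("etag")}


def assign_vm(email, zone, candidate_instance, state, compute):
    """Idempotently map a user to a VM and restrict IAP tunnel access to them.
    Returns the assignment record {zone, instance}."""
    email = email.strip().lower()
    existing = state.get(email)
    if existing:
        return existing  # already assigned: no second VM, no policy change
    compute.set_labels(zone, candidate_instance, {"assigned-user": label_value(email)})
    policy = compute.get_iam_policy(zone, candidate_instance)
    compute.set_iam_policy(zone, candidate_instance, bind_single_user(policy, email))
    doc = {"zone": zone, "instance": candidate_instance}
    state.set(email, doc)
    return doc


if __name__ == "__main__":
    store, gce = FakeStateStore(), FakeCompute()
    print(assign_vm("Alice@example.com", "us-central1-a", "win-mig-abcd", store, gce))
    print(gce.policies[("us-central1-a", "win-mig-abcd")])
```

Two points the per-instance binding alone does not cover: the project-level IAM policy must not grant `roles/iap.tunnelResourceAccessor` broadly, or every user can reach every VM regardless of the instance policy; and "IAP is the only way to RDP" only holds if the VPC firewall allows TCP 3389 solely from the IAP forwarding range 35.235.240.0/20. In production the check-then-assign step should also run inside a Firestore transaction so two concurrent requests for the same user cannot each provision a VM.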
Skills Needed:
Google Cloud Platform (Compute Engine, MIGs, IAM, IAP, Cloud Functions/Run, Firestore, Secret Manager)
Windows Server image building (sysprep, startup scripts, hardening)
PowerShell scripting for automated account creation
Security best practices (MFA, least privilege, CIS Level 1 baseline a plus)
Deliverables:
Working environment where each user automatically gets their own VM.
IAP enforced with MFA for all access.
Automated local account creation and credential management.
Written runbook or video walkthrough for ongoing ops.
✅ Screening Questions
You can paste these in the job posting to filter applicants:
Have you built or managed a Managed Instance Group (MIG) in GCP before?
How would you control per-instance IAM permissions so that only one user can access a VM through IAP?
What approach would you use to automate Windows local account creation on boot?
Do you have experience with Firestore or other lightweight state stores for tracking resources?
What security baselines (CIS, Microsoft baselines) have you applied to Windows Server images?
Can you provide an example of GCP automation you’ve built (Terraform, scripts, Cloud Functions)?