Logo
 

GCP & Network Agentic Architect (f/m/d)

  • Pune (IND)
  • IT
  • Published: 28.05.2026
GCP & Network Agentic Architect (f/m/d), 1. image

What do we do?

Introducing Thinkproject Platform

Pioneering a new era and offering a cohesive alternative to the fragmented landscape of construction software, Thinkproject seamlessly integrates the most extensive portfolio of mature solutions with an innovative platform, providing unparalleled features, integrations, user experiences, and synergies.

By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem.

What your day will look like

About the Role
We are looking for a GCP & Network Agentic Architect (f/m/d) to lead Thinkproject's migration to Google Cloud and own the networking and compliance foundation that makes it possible. You will validate and drive the full migration of all applications to GCP, define and implement the technical controls required for SecNumCloud and C5 certification, and act as the internal authority and primary liaison with S3NS on our SecNumCloud perimeter journey.

This is a senior individual-contributor role reporting to the Infrastructure Lead (who reports to the CIO), with direct CIO-adjacent visibility. You will sit at the intersection of platform engineering and technology strategy, contributing to platform roadmap decisions — not just executing them. The team is small, high ownership, and based in Pune. You will also own FinOps — because moving to GCP without cost governance is not a migration, it's a cost transfer. The team operates at pace, with real ambiguity and real impact.

Time allocation (approximate):
~35% GCP migration & SecNumCloud compliance | ~25% networking architecture &
rationalisation | ~20% controls automation & DevOps integration | ~20% FinOps, documentation & cross-team collaboration

Key Responsibilities
GCP Migration & Compliance

  • Validate and drive the migration of all Thinkproject applications to GCP — own the migration plan, track progress, surface blockers
  • Deliver a realistic, milestone-based timeline for full SecNumCloud perimeter migration in 2026
  • Act as the primary internal specialist and liaison for SecNumCloud, working directly with S3NS to scope, plan, and execute the migration into their environment
  • Implement and automate technical controls required for SecNumCloud, C5, and any arising compliance certifications

Networking Architecture

  • Own the networking layer: rationalise the current configuration, eliminate bottlenecks (including Cloudflare sprawl), and define the optimal networking architecture for Thinkproject on GCP
  • Collaborate with Security to define firewall policies, VPC topology, private service connect, and secure egress/ingress patterns
  • Ensure the networking foundation is documented, reproducible via IaC, and consumed cleanly by the Service Catalog

Controls Automation & DevOps Collaboration

  • Collaborate with DevOps and Engineering to automate GCP component deployment and
    compliance controls into CI/CD pipelines
  • Work with the SE and Compliance teams to map controls in-production vs controls to-be
    implemented — and close the gap
  • Use LLM-assisted tooling to accelerate controls validation, drift detection, and audit preparation

Service Catalog Alignment

  • Work closely with the Cloud Infrastructure & Agentic Architect to ensure the Service Catalog makes the best of Google-native capabilities
  • Validate that every catalog entry meets GCP networking and security standards before approval

FinOps

  • Own GCP cost attribution, commitment strategy, and rightsizing across all migrated workloads
  • Establish FinOps reporting baseline and make cost visible to engineering teams

What you need to fulfill the role

You have designed and operated GCP networking environments in production, hold hands-on
SecNumCloud or C5 compliance experience, and can translate security requirements into working IaC.
Specifically:

  • GCP networking fluency — firewalls, VPCs, Cloud NAT, Private Service Connect,
    VPN/Interconnect, Cloud Armor: you can design and troubleshoot these without reference documentation
  • Expert-level knowledge of the Google Cloud Platform stack across networking and infrastructure layers (GKE, Cloud Run, Cloud Functions, Pub/Sub, Artifact Registry, Identity-Aware Proxy, VPC Service Controls)
  • Proven IaC experience with Terraform (required); Ansible a strong plus
  • Proven hands-on security compliance experience: C5, SecNumCloud, or equivalent certification — applied in a live cloud environment, not theoretical
  • Familiarity with S3NS (Thales/Google SecNumCloud sovereign environment) or equivalent sovereign cloud frameworks is a strong plus
  • Hands-on experience with LLM-driven tooling (OpenCode, Claude Code, or equivalent) for infrastructure automation and compliance workflows
  • Comfortable operating in ambiguity — migration programmes have unknowns; you create clarity, not wait for it
  • Experience in Agile/fast-iteration environments with high individual ownership

Nice-to-Have (Bonus Skills)

  • Experience with Azure networking (for cross-cloud migration context)
  • FinOps certification or formal cost governance experience
  • Prior experience in a SaaS product company undergoing cloud migration
  • Knowledge of additional compliance frameworks (ISO 27001, SOC 2, HDS)

Soft Skills

  • Intense technical curiosity — you track GCP releases, security advisories, and sovereign cloud developments before they become industry standard
  • Strong problem-solving under constraint — you find paths through compliance complexity and networking debt without waiting for perfect conditions
  • Ownership mindset — you own the migration outcome, not just the architecture
  • Clear communicator: able to translate compliance requirements into engineering tasks, and engineering blockers into executive-level risk flags
  • Highly collaborative: you build working relationships with S3NS, Security, DevOps, SE, and Compliance teams simultaneously
  • Fact-driven and data-driven: you anchor migration timelines and FinOps recommendations in evidence

What success looks like
Month 2: Full GCP migration plan documented with per-application timeline; FinOps baseline
established
Month 4: Networking rationalisation roadmap complete; Service Catalog alignment with Cloud
Infrastructure Architect confirmed
Month 6: Networking layer refactored and documented via IaC; first application wave fully
migrated to GCP; SecNumCloud gap analysis complete and controls implementation underway
Month 12: All applications within GCP perimeter or on confirmed migration path; SecNumCloud controls automated and audit-ready; FinOps reporting active across all workloads; C5 and SecNumCloud certification timelines confirmed with S3NS

You're probably NOT a fit if

  • You have GCP architecture knowledge but have never touched networking at the firewall/VPC level in production
  • You approach compliance as a documentation exercise rather than an engineering problem
  • You need stable, fully-defined infrastructure before you can design on top of it
  • You are not comfortable being the single internal authority on a certification process with external auditors

What we offer

  • Multicultural team across 7 countries (Germany, France, UK, UAE, Spain, New Zealand, Australia)
  • Hybrid-first working
  • Continuous learning & certification budget - GCP certifications fully sponsored (Professional Cloud Network Engineer, Professional Cloud
    Security Engineer)
  • Open, inclusive, and high-ownership culture

At Thinkproject, we run feedback cycles that are honest and frequent. We believe the best engineering cultures are built on trust, transparency, and shared ownership — not hierarchy. Our Pune team is a core part of a global organisation, collaborating across time zones with colleagues in Germany, France, the UK, UAE, Spain, New Zealand, and Australia.

Lunch 'n' Learn Sessions I Women's Network I LGBTQIA+ Network I Coffee Chat Roulette I Free English Lessons I Thinkproject Academy I Social Events I Volunteering Activities I Open Forum with Leadership Team (Tp Café) I Hybrid working I Unlimited learning

We are a passionate bunch here. To join Thinkproject is to shape what our company becomes. We take feedback from our staff very seriously and give them the tools they need to help us create our fantastic culture of mutual respect. We believe that investing in our staff is crucial to the success of our business.

Your contact:

Preethika Ramdass

How to apply
Submit your application at careers.thinkproject.com, including:
Salary expectations
Potential start date
A short write-up (max 300 words) on the most complex cloud networking or compliance
challenge you have solved — this is the most important part of your application

Working at thinkproject.com - think career. think ahead.

#LI-PR1

#LI-Hybrid