Google Cloud Managed Instance Groups on Assured Workloads

Remote Full-time
Title: Google Cloud Engineer – Windows Server MIG with Per-User VM Access (IAP + MFA)

Description:
We need help designing and implementing a secure, scalable Windows Server environment in Google Cloud Platform using Managed Instance Groups (MIGs).

The goal: Each user gets their own Windows VM (1 user = 1 VM), accessed securely through Google Identity-Aware Proxy (IAP) with MFA. No Active Directory or Okta.

Requirements:
- Build a golden Windows Server image with apps preinstalled (Adobe Reader, Office, browser).
- Configure a Managed Instance Group (MIG) to spin up VMs from this image.
- Implement a broker layer (Cloud Function/Run + Firestore or equivalent) that:
  - Checks if a user already has a VM assigned.
  - If not, provisions one, labels it with the user’s email, and grants them IAP access to that VM only.
- Ensure IAP is the only way to RDP into these VMs.
- On VM startup, a script should create a local Windows account matching the assigned user and generate a secure password (stored in Google Secret Manager).
- Optional: Implement cleanup logic to reclaim idle VMs.
- Provide documentation and handoff so we can manage and scale the system after delivery.

Skills Needed:
- Google Cloud Platform (Compute Engine, MIGs, IAM, IAP, Cloud Functions/Run, Firestore, Secret Manager)
- Windows Server image building (sysprep, startup scripts, hardening)
- PowerShell scripting for automated account creation
- Security best practices (MFA, least privilege, CIS Level 1 baseline a plus)

Deliverables:
- Working environment where each user automatically gets their own VM.
- IAP enforced with MFA for all access.
- Automated local account creation and credential management.
- Written runbook or video walkthrough for ongoing ops.

✅ Screening Questions
You can paste these in the job posting to filter applicants:
- Have you built or managed a Managed Instance Group (MIG) in GCP before?
- How would you control per-instance IAM permissions so that only one user can access a VM through IAP?
- What approach would you use to automate Windows local account creation on boot?
- Do you have experience with Firestore or other lightweight state stores for tracking resources?
- What security baselines (CIS, Microsoft baselines) have you applied to Windows Server images?
- Can you provide an example of GCP automation you’ve built (Terraform, scripts, Cloud Functions)?