Senior DevSecOps Engineer

Role Overview
Tunnl is seeking a highly skilled, security-minded Senior DevSecOps Engineer to help design, build, and secure our cloud infrastructure and software delivery pipelines. You will partner closely with software engineering, data science / machine learning, data engineering, cyber/security, and platform teams to create a secure, scalable, resilient foundation for solutions that support some of society’s biggest challenges.

This role blends deep DevOps engineering capability with security-first thinking. You will embed security controls into CI/CD, automate compliance guardrails, and raise the bar for infrastructure reliability and cloud security practices across AWS (with awareness of CLOUD best practices). You will help ensure that security, governance, and operational excellence are built into how Tunnl ships software, not bolted on afterward.

If you thrive at the intersection of cloud engineering, automation, and applied security, this role will be a strong fit.

How You Will Contribute
Cloud & Infrastructure Security
- Establish and enforce cloud security standards across AWS, including IAM, network segmentation, encryption, secrets management, and secure workload patterns.
- Implement continuous security posture monitoring aligned to the AWS Well-Architected Framework and security best practices (e.g., CIS benchmarks, NIST guidance, ISO principles).
- Design automated guardrails for vulnerability management, patching, configuration drift detection, key rotation, and secrets lifecycle management.
- Improve detection and response readiness through centralized logging, alerting, and security event workflows.
- Own the technical engagement with security and data privacy auditors, serving as Tunnl’s primary point of contact for infrastructure, cloud security, and DevSecOps controls.

DevOps, CI/CD, and Delivery Automation
- Architect and maintain CI/CD pipelines with built-in security scanning and enforcement (SAST/DAST, dependency scanning, IaC scanning, artifact signing, policy-as-code).
- Implement repeatable, secure infrastructure deployment using Infrastructure-as-Code (Terraform and/or equivalent tooling).
- Build and maintain containerized and cloud-native deployment environments (Docker, Kubernetes and/or ECS/Fargate) with hardened images, runtime controls, and supply chain protections.
- Improve developer experience by making secure workflows easy, fast, and consistent across engineering teams.

Reliability, Resilience, and Operational Excellence
- Help define and implement standards for availability, backup/restore, disaster recovery, and operational maturity.
- Partner with engineering leadership to evolve incident response practices including on-call readiness, runbooks, and post-incident learning loops.
- Proactively identify reliability/security risks, prioritize remediation, and drive cross-team follow-through.

Collaboration & Technical Leadership
- Partner across software, data, and cyber teams to ensure security requirements are integrated into system design and delivery.
- Serve as a trusted advisor to engineering leadership on cloud security strategy, risk tradeoffs, and platform evolution.
- Coach engineers on DevSecOps patterns, secure-by-default architecture, and operational excellence.
- Communicate clearly with both technical and non-technical stakeholders to build trust and adoption of platform/security initiatives.
- Contribute to Tunnl’s mission and culture through principled execution, respectful collaboration, and high ownership.

What You Will Bring
Experience
- 5+ years of experience in Cloud Engineering, DevOps, SRE, Platform Engineering, or DevSecOps, with strong focus on security and automation.
- Demonstrated senior-level ownership of cloud infrastructure and CI/CD systems supporting production workloads.

Cloud Platform Expertise
- Deep knowledge of AWS core infrastructure and security services (e.g., IAM, VPC, EC2, RDS, DynamoDB, Lambda, SQS/SNS, ECS/ECR, CloudTrail, Config, Security Hub, Inspector).

Security Engineering & Governance
- Strong knowledge of IAM design, network security controls, encryption systems (KMS, key rotation), secrets management, and secure service-to-service access patterns.
- Experience implementing vulnerability scanning and compliance controls using tools such as Ethyca, Security Hub, Inspector, Aqua, Prisma, or similar.
- Familiarity with container security, dependency security, and software supply chain security best practices.

Automation & Infrastructure-as-Code
- Strong proficiency with Infrastructure-as-Code tooling such as Terraform (preferred), CloudFormation, CDK, or Ansible.
- Proven ability to standardize environments and reduce human risk through automation.

Observability & Incident Readiness
- Experience with SIEM/log aggregation and incident workflows, including Splunk or comparable systems.
- Comfort supporting operational readiness through logs, traces, metrics, and post-incident analysis.

Engineering Fundamentals
- Strong scripting/programming ability (Python preferred) for automation, tooling, and integrations.
- Experience with CI/CD tools (GitHub Actions, Jenkins, CodePipeline, or similar).
- Familiarity with observability tooling (Prometheus, Grafana, ELK/EFK, or equivalents).
- Strong Linux/Unix command-line skills and solid networking fundamentals (TCP/IP, DNS, VPNs, firewalls, load balancing).

Expertise That Will Set You Apart
- AWS certifications: Solutions Architect, Security Specialty, or DevOps Engineer – Professional.
- Experience implementing Zero Trust principles and modern identity-driven security patterns.
- Hands-on experience with cloud-native security architecture for microservices and serverless environments.
- Background in security operations, incident response, and security program execution in regulated environments.

Why You Should Apply
- Join a team driven by curiosity, teamwork, integrity, and a shared passion for solving big challenges.
- A friendly, welcoming, and supportive culture with regular social and team events.
- Eligible for the Company Bonus Plan (targeting 15% of Base Salary).
- Comprehensive benefits with excellent medical, vision, and dental coverage.
Health Savings Account (HSA) and Flexible Spending Account (FSA) options.
- Employer-paid life insurance, with voluntary additional coverage available.
- Voluntary short- and long-term disability, accident, and critical illness insurance.
- Flexible hybrid work policy.
- Flexible unlimited paid vacation plus 80 hours of paid sick leave.
- 10 paid company holidays per year plus the week between Christmas and New Year’s off.
- 401(k) plan with 100% match up to 3%, plus 50% match up to 5% (subject to IRS limits).
- Cell phone reimbursement stipend.
- Monthly parking or commuter stipend for VA-based employees.

About Tunnl
Tunnl is leveraging AI to erase the boundaries between insights, audiences, and outcomes to ensure every piece of intelligence can be acted on.

We combine the judgment of seasoned data experts with the power of artificial intelligence to help organizations find and connect with the people who matter most. With years of experience embedded in our platform, we enable research at scale, define the right audiences, surface powerful insights, identify optimal communication channels, and measure changing attitudes over time—all in one experience built to eliminate data silos.

Tunnl serves brands, agencies, and advocacy groups—organizations navigating core communication campaigns, corporate reputation, and complex regulatory landscapes.