Senior DevOps Engineer

About The Position

Requirements

• 5+ years of experience in Cloud Engineering, DevOps, SRE, Platform Engineering, or DevSecOps, with strong focus on security and automation.
• Demonstrated senior-level ownership of cloud infrastructure and CI/CD systems supporting production workloads.
• Deep knowledge of AWS core infrastructure and security services (e.g., IAM, VPC, EC2, RDS, DynamoDB, Lambda, SQS/SNS, ECS/ECR, CloudTrail, Config, Security Hub, Inspector).
• Strong knowledge of IAM design, network security controls, encryption systems (KMS, key rotation), secrets management, and secure service-to-service access patterns.
• Experience implementing vulnerability scanning and compliance controls using tools such as Ethyca, Security Hub, Inspector, Aqua, Prisma, or similar.
• Familiarity with container security, dependency security, and software supply chain security best practices.
• Strong proficiency with Infrastructure-as-Code tooling such as Terraform (preferred), CloudFormation, CDK, or Ansible.
• Proven ability to standardize environments and reduce human risk through automation.
• Experience with SIEM/log aggregation and incident workflows, including Splunk or comparable systems.
• Comfort supporting operational readiness through logs, traces, metrics, and post-incident analysis.
• Strong scripting/programming ability (Python preferred) for automation, tooling, and integrations.
• Experience with CI/CD tools (GitHub Actions, Jenkins, CodePipeline, or similar).
• Familiarity with observability tooling (Prometheus, Grafana, ELK/EFK, or equivalents).
• Strong Linux/Unix command-line skills and solid networking fundamentals (TCP/IP, DNS, VPNs, firewalls, load balancing).

Nice To Haves

• AWS certifications: Solutions Architect, Security Specialty, or DevOps Engineer – Professional.
• Experience implementing Zero Trust principles and modern identity-driven security patterns.
• Hands-on experience with cloud-native security architecture for microservices and serverless environments.
• Background in security operations, incident response, and security program execution in regulated environments.

Responsibilities

• Establish and enforce cloud security standards across AWS, including IAM, network segmentation, encryption, secrets management, and secure workload patterns.
• Implement continuous security posture monitoring aligned to the AWS Well-Architected Framework and security best practices (e.g., CIS benchmarks, NIST guidance, ISO principles).
• Design automated guardrails for vulnerability management, patching, configuration drift detection, key rotation, and secrets lifecycle management.
• Improve detection and response readiness through centralized logging, alerting, and security event workflows.
• Own the technical engagement with security and data privacy auditors, serving as Tunnl’s primary point of contact for infrastructure, cloud security, and DevSecOps controls.
• Architect and maintain CI/CD pipelines with built-in security scanning and enforcement (SAST/DAST, dependency scanning, IaC scanning, artifact signing, policy-as-code).
• Implement repeatable, secure infrastructure deployment using Infrastructure-as-Code (Terraform and/or equivalent tooling).
• Build and maintain containerized and cloud-native deployment environments (Docker, Kubernetes and/or ECS/Fargate) with hardened images, runtime controls, and supply chain protections.
• Improve developer experience by making secure workflows easy, fast, and consistent across engineering teams.
• Help define and implement standards for availability, backup/restore, disaster recovery, and operational maturity.
• Partner with engineering leadership to evolve incident response practices including on-call readiness, runbooks, and post-incident learning loops.
• Proactively identify reliability/security risks, prioritize remediation, and drive cross-team follow-through.
• Partner across software, data, and cyber teams to ensure security requirements are integrated into system design and delivery.
• Serve as a trusted advisor to engineering leadership on cloud security strategy, risk tradeoffs, and platform evolution.
• Coach engineers on DevOps patterns, secure-by-default architecture, and operational excellence.
• Communicate clearly with both technical and non-technical stakeholders to build trust and adoption of platform/security initiatives.
• Contribute to Tunnl’s mission and culture through principled execution, respectful collaboration, and high ownership.

Benefits

• Comprehensive benefits with excellent medical, vision, and dental coverage.
• Health Savings Account (HSA) and Flexible Spending Account (FSA) options.
• Employer-paid life insurance & short-term & long-term disability, with other voluntary additional coverage available (accident, critical illness, hospital indemnity).
• Flexible paid vacation plus 80 hours of paid sick leave.
• 10 paid company holidays per year.
• 401(k) plan with 100% match up to 3%, plus 50% match up to 5% (subject to IRS limits).
• Cell phone reimbursement stipend.
• Monthly parking or commuter stipend for VA-based employees.