Key skills
PythonArtificial IntelligenceAWSTerraformKubernetesDockerJenkinsGitHub ActionsAnsibleServerlessECSFargateCloudFormationEC2LambdaDynamoDBRDSIAMSNSSQSCodePipelinePrismaPrometheusGrafanaSplunkGitHubLoad BalancingCI/CDLeadershipCollaborationNetwork SecurityCloud SecurityZero Trust
About this role
Tunnl is building a future where artificial intelligence enables organizations to connect meaningfully with the people who matter most. They are seeking a highly skilled, security-minded Senior DevOps Engineer to help design, build, and secure their cloud infrastructure and software delivery pipelines.
Responsibilities:
- Establish and enforce cloud security standards across AWS, including IAM, network segmentation, encryption, secrets management, and secure workload patterns
- Implement continuous security posture monitoring aligned to the AWS Well-Architected Framework and security best practices (e.g., CIS benchmarks, NIST guidance, ISO principles)
- Design automated guardrails for vulnerability management, patching, configuration drift detection, key rotation, and secrets lifecycle management
- Improve detection and response readiness through centralized logging, alerting, and security event workflows
- Own the technical engagement with security and data privacy auditors, serving as Tunnl’s primary point of contact for infrastructure, cloud security, and DevSecOps controls
- Architect and maintain CI/CD pipelines with built-in security scanning and enforcement (SAST/DAST, dependency scanning, IaC scanning, artifact signing, policy-as-code)
- Implement repeatable, secure infrastructure deployment using Infrastructure-as-Code (Terraform and/or equivalent tooling)
- Build and maintain containerized and cloud-native deployment environments (Docker, Kubernetes and/or ECS/Fargate) with hardened images, runtime controls, and supply chain protections
- Improve developer experience by making secure workflows easy, fast, and consistent across engineering teams
- Help define and implement standards for availability, backup/restore, disaster recovery, and operational maturity
- Partner with engineering leadership to evolve incident response practices including on-call readiness, runbooks, and post-incident learning loops
- Proactively identify reliability/security risks, prioritize remediation, and drive cross-team follow-through
- Partner across software, data, and cyber teams to ensure security requirements are integrated into system design and delivery
- Serve as a trusted advisor to engineering leadership on cloud security strategy, risk tradeoffs, and platform evolution
- Coach engineers on DevOps patterns, secure-by-default architecture, and operational excellence
- Communicate clearly with both technical and non-technical stakeholders to build trust and adoption of platform/security initiatives
- Contribute to Tunnl’s mission and culture through principled execution, respectful collaboration, and high ownership
Requirements:
- 5+ years of experience in Cloud Engineering, DevOps, SRE, Platform Engineering, or DevSecOps, with strong focus on security and automation
- Demonstrated senior-level ownership of cloud infrastructure and CI/CD systems supporting production workloads
- Deep knowledge of AWS core infrastructure and security services (e.g., IAM, VPC, EC2, RDS, DynamoDB, Lambda, SQS/SNS, ECS/ECR, CloudTrail, Config, Security Hub, Inspector)
- Strong knowledge of IAM design, network security controls, encryption systems (KMS, key rotation), secrets management, and secure service-to-service access patterns
- Experience implementing vulnerability scanning and compliance controls using tools such as Ethyca, Security Hub, Inspector, Aqua, Prisma, or similar
- Familiarity with container security, dependency security, and software supply chain security best practices
- Strong proficiency with Infrastructure-as-Code tooling such as Terraform (preferred), CloudFormation, CDK, or Ansible
- Proven ability to standardize environments and reduce human risk through automation
- Experience with SIEM/log aggregation and incident workflows, including Splunk or comparable systems
- Comfort supporting operational readiness through logs, traces, metrics, and post-incident analysis
- Strong scripting/programming ability (Python preferred) for automation, tooling, and integrations
- Experience with CI/CD tools (GitHub Actions, Jenkins, CodePipeline, or similar)
- Familiarity with observability tooling (Prometheus, Grafana, ELK/EFK, or equivalents)
- Strong Linux/Unix command-line skills and solid networking fundamentals (TCP/IP, DNS, VPNs, firewalls, load balancing)
- AWS certifications: Solutions Architect, Security Specialty, or DevOps Engineer – Professional
- Experience implementing Zero Trust principles and modern identity-driven security patterns
- Hands-on experience with cloud-native security architecture for microservices and serverless environments
- Background in security operations, incident response, and security program execution in regulated environments