Senior DevOps Engineer

About Tunnl

Tunnl is building a future where artificial intelligence enables organizations to connect meaningfully with the people who matter most. We help organizations conduct research at scale, define the right audiences, surface real-time insights, identify optimal communication channels, and measure changing attitudes over time.

Tunnl serves brands, agencies, and advocacy groups alike - organizations navigating complex communications, reputational, and regulatory landscapes. These teams need smarter, faster ways to make audience-informed decisions that stand up to scrutiny and resonate across stakeholder groups. Whether you're building a brand, shaping public opinion, managing risk, or launching a new initiative, Tunnl empowers you to move from insight to impact with clarity & confidence.

Role Overview

Tunnl is seeking a highly skilled, security-minded Senior DevOps Engineer to help design, build, and secure our cloud infrastructure and software delivery pipelines. You will partner closely with software engineering, data science / machine learning, data engineering, cyber/security, and platform teams to create a secure, scalable, resilient foundation for solutions that support some of society’s biggest challenges.

This role blends deep DevOps engineering capability with security-first thinking. You will embed security controls into CI/CD, automate compliance guardrails, and raise the bar for infrastructure reliability and cloud security practices across AWS (with awareness of CLOUD best practices). You will help ensure that security, governance, and operational excellence are built into how Tunnl ships software, not bolted on afterward.

If you thrive at the intersection of cloud engineering, automation, and applied security, this role will be a strong fit.

How You Will Contribute

Cloud & Infrastructure Security

• Establish and enforce cloud security standards across AWS, including IAM, network segmentation, encryption, secrets management, and secure workload patterns.

• Implement continuous security posture monitoring aligned to the AWS Well-Architected Framework and security best practices (e.g., CIS benchmarks, NIST guidance, ISO principles).

• Design automated guardrails for vulnerability management, patching, configuration drift detection, key rotation, and secrets lifecycle management.

• Improve detection and response readiness through centralized logging, alerting, and security event workflows.

• Own the technical engagement with security and data privacy auditors, serving as Tunnl’s primary point of contact for infrastructure, cloud security, and DevSecOps controls.

DevOps, CI/CD, and Delivery Automation

• Architect and maintain CI/CD pipelines with built-in security scanning and enforcement (SAST/DAST, dependency scanning, IaC scanning, artifact signing, policy-as-code).

• Implement repeatable, secure infrastructure deployment using Infrastructure-as-Code (Terraform and/or equivalent tooling).

• Build and maintain containerized and cloud-native deployment environments (Docker, Kubernetes and/or ECS/Fargate) with hardened images, runtime controls, and supply chain protections.

• Improve developer experience by making secure workflows easy, fast, and consistent across engineering teams.

Reliability, Resilience, and Operational Excellence

• Help define and implement standards for availability, backup/restore, disaster recovery, and operational maturity.

• Partner with engineering leadership to evolve incident response practices including on-call readiness, runbooks, and post-incident learning loops.

• Proactively identify reliability/security risks, prioritize remediation, and drive cross-team follow-through.

Collaboration & Technical Leadership

• Partner across software, data, and cyber teams to ensure security requirements are integrated into system design and delivery.

• Serve as a trusted advisor to engineering leadership on cloud security strategy, risk tradeoffs, and platform evolution.

• Coach engineers on DevOps patterns, secure-by-default architecture, and operational excellence.

• Communicate clearly with both technical and non-technical stakeholders to build trust and adoption of platform/security initiatives.

• Contribute to Tunnl’s mission and culture through principled execution, respectful collaboration, and high ownership.

What You Will Bring

Experience

• 5+ years of experience in Cloud Engineering, DevOps, SRE, Platform Engineering, or DevSecOps, with strong focus on security and automation.

• Demonstrated senior-level ownership of cloud infrastructure and CI/CD systems supporting production workloads.

Cloud Platform Expertise

• Deep knowledge of AWS core infrastructure and security services (e.g., IAM, VPC, EC2, RDS, DynamoDB, Lambda, SQS/SNS, ECS/ECR, CloudTrail, Config, Security Hub, Inspector).

Security Engineering & Governance

• Strong knowledge of IAM design, network security controls, encryption systems (KMS, key rotation), secrets management, and secure service-to-service access patterns.

• Experience implementing vulnerability scanning and compliance controls using tools such as Ethyca, Security Hub, Inspector, Aqua, Prisma, or similar.

• Familiarity with container security, dependency security, and software supply chain security best practices.

Automation & Infrastructure-as-Code

• Strong proficiency with Infrastructure-as-Code tooling such as Terraform (preferred), CloudFormation, CDK, or Ansible.

• Proven ability to standardize environments and reduce human risk through automation.

Observability & Incident Readiness

• Experience with SIEM/log aggregation and incident workflows, including Splunk or comparable systems.

• Comfort supporting operational readiness through logs, traces, metrics, and post-incident analysis.

Engineering Fundamentals

• Strong scripting/programming ability (Python preferred) for automation, tooling, and integrations.

• Experience with CI/CD tools (GitHub Actions, Jenkins, CodePipeline, or similar).

• Familiarity with observability tooling (Prometheus, Grafana, ELK/EFK, or equivalents).

• Strong Linux/Unix command-line skills and solid networking fundamentals (TCP/IP, DNS, VPNs, firewalls, load balancing).

Expertise That Will Set You Apart

• AWS certifications: Solutions Architect, Security Specialty, or DevOps Engineer – Professional.

• Experience implementing Zero Trust principles and modern identity-driven security patterns.

• Hands-on experience with cloud-native security architecture for microservices and serverless environments.

• Background in security operations, incident response, and security program execution in regulated environments.

Why You Should Apply:

• Join a team driven by curiosity, teamwork, integrity, and a shared passion for solving big challenges.

• A friendly, welcoming, and supportive culture with regular social and team events.

• Comprehensive benefits with excellent medical, vision, and dental coverage.

• Health Savings Account (HSA) and Flexible Spending Account (FSA) options.

• Employer-paid life insurance & short-term & long-term disability, with other voluntary additional coverage available (accident, critical illness, hospital indemnity).

• Flexible hybrid work policy.

• Flexible paid vacation plus 80 hours of paid sick leave.

• 10 paid company holidays per year.

• 401(k) plan with 100% match up to 3%, plus 50% match up to 5% (subject to IRS limits).

• Cell phone reimbursement stipend.

• Monthly parking or commuter stipend for VA-based employees.