# Senior / Staff DevSecOps Engineer
**Company:** [Twenty](https://hotfix.jobs/companies/twenty)
**Location:** Arlington, VA
**Experience:** 8+ years
**Skills:** AWS, Terraform, IAM, SCPs, GuardDuty, Security Hub, CloudTrail, OPA, Checkov, tfsec, GitHub Actions, Docker, Trivy, Ansible, PagerDuty
**Posted:** 2026-04-15
> Builds and owns security infrastructure including runtime security, IAM, secrets management, CI/CD hardening, and compliance for cloud/container environments. Embeds with engineering teams to enable secure-by-default development using AWS, Terraform, and policy-as-code tools. Requires 8+ years DevSecOps experience.
## Job Description
## Responsibilities
- Own runtime security and vulnerability management across cloud and container environments, including triage, prioritization, and remediation tracking.
- Design and enforce identity and access management (IAM) across AWS and internal systems — least-privilege by default.
- Own secrets and credentials management: policies, tooling, rotation, and developer workflows.
- Lead security incident response: detection, containment, root cause analysis, and durable remediation.
- Manage AWS Organization structure, account boundaries, SCPs, and guardrails.
- Harden and maintain CI/CD pipelines, embedding security scanning and policy enforcement.
- Drive compliance efforts — own the evidence, controls, and remediation work to meet relevant frameworks.
- Build and maintain secure-by-default templates for repos, pipelines, and infrastructure modules.
- Reduce friction through automation: certificate issuance, secrets access, policy-as-code, and developer-facing tooling.
- Produce lightweight, practical security guidance for engineers.

## Requirements
- 8+ years in DevSecOps, platform security, or a related security engineering role.
- Deep hands-on experience with **AWS** — IAM, SCPs, Organizations, security services (GuardDuty, Security Hub, CloudTrail).
- Strong IaC experience with **Terraform**, including enforcing security controls, policy-as-code (**OPA**, **Checkov**, **tfsec**), and continuous compliance (**AWS Config Rules**).
- Experience owning secrets management end-to-end in production.
- Proven track record designing and hardening **CI/CD pipelines** (**GitHub Actions**).
- Hands-on with container security, including image scanning and runtime controls.
- Experience leading or contributing to a compliance program; **CMMC Level 2** or **NIST SP 800-171** preferred.
- Experience running incident response: on call, post-mortems, shipped fixes.
- Strong communication skills to drive security adoption.

## Nice To Haves
- Experience growing a DSO or security engineering function.
- Familiarity with observability tooling (**LGTM stack**) for security signals.
- Background in configuration management (**Ansible**).
- Experience with developer-facing security platforms or internal tooling.
- Interest in growing into a lead or manager role.

## Tech Environment
- Cloud: **AWS**, **Terraform**, **Ansible**
- Containers: **Docker**, **Docker Compose**
- CI/CD: **GitHub Actions**
- Vulnerability scanning: **Trivy**
- Observability: **Grafana**, **Loki**, **Tempo**, **Mimir**
- Alerting: **PagerDuty**
- Languages: **Go**, **TypeScript/Node**, **React**, **Python**
**Apply:** https://hotfix.jobs/jobs/senior-staff-devsecops-engineer-at-twenty-3d9d6ea3-7fe4-461a-89b1-4541983fa40a
**Canonical:** https://hotfix.jobs/jobs/senior-staff-devsecops-engineer-at-twenty-3d9d6ea3-7fe4-461a-89b1-4541983fa40a