Senior / Staff DevSecOps Engineer

Senior / Staff DevSecOps Engineer ABOUT THE COMPANY At Twenty, we're taking on one of the most critical challenges of our time: defending democracies in the digital age. We develop revolutionary technologies that operate at the intersection of the cyber and electromagnetic domains, where the speed of operations exceeds human sensing and complexity transcends conventional boundaries. Our team doesn't just solve problems – we deliver game-changing outcomes that directly impact national security. We're pragmatic optimists who understand that while our mission of protecting America and its allies is challenging, success is possible. ROLE SUMMARY You'll build and own the security infrastructure that keeps Twenty's engineering systems safe without slowing engineers down. This role spans runtime security, access control, secrets management, compliance, and CI/CD hardening — but it's equally about making security the path of least resistance. You'll embed with our engineering teams, design secure-by-default foundations, and build the tooling and automation that lets developers move fast without cutting corners. You'll report directly to the VP of Engineering and operate as a shared function across our product teams. WHO YOU ARE - You believe security should be a force multiplier for engineering, not a gatekeeper. - You take ownership end-to-end: from identifying a risk to designing the control to shipping the fix. - You bring high judgment to tradeoffs — you know when to enforce hard controls and when friction kills adoption. - You communicate clearly with both engineers and non-technical stakeholders, and you translate risk into plain language. - You prefer automation over policy: if an engineer has to do something manually to stay secure, you see that as a bug. - You hold a high bar for reliability and auditability in the systems you build. - You're self-directed and thrive in an environment where the function is new and you're defining it. WHAT YOU'LL DO - Own runtime security and vulnerability management across cloud and container environments, including triage, prioritization, and remediation tracking. - Design and enforce identity and access management (IAM) across AWS and internal systems — least-privilege by default. - Own secrets and credentials management: policies, tooling, rotation, and developer workflows that make doing the right thing easy. - Lead security incident response: detection, containment, root cause analysis, and durable remediation. - Manage AWS Organization structure, account boundaries, SCPs, and guardrails. - Harden and maintain CI/CD pipelines, embedding security scanning and policy enforcement into the software delivery lifecycle. - Drive compliance efforts — own the evidence, controls, and remediation work to meet and maintain relevant frameworks. - Build and maintain secure-by-default templates for repos, pipelines, and infrastructure modules. - Reduce friction through automation: certificate issuance, secrets access, policy-as-code, and developer-facing tooling. - Produce lightweight, practical security guidance that engineers actually use. - Shape the direction of the DSO function as it scales, and contribute to hiring and team-building as we grow. MUST HAVE - 8+ years in DevSecOps, platform security, or a closely related security engineering role. - Deep hands-on experience with AWS — IAM, SCPs, Organizations, security services (GuardDuty, Security Hub, CloudTrail, etc.). - Strong IaC experience with Terraform; you've used it to enforce security controls, not just provision infrastructure — and you've layered in policy-as-code tooling (e.g., OPA, Checkov, tfsec) or continuous compliance checks (e.g., AWS Config Rules) to catch drift and misconfigurations. - Experience owning secrets management end-to-end in a production engineering environment. - Proven track record designing and hardening CI/CD pipelines (we use GitHub Actions). - Hands-on experience with container se ... (truncated, view full listing at source)