Senior Staff DevOps Engineer - CI/CD & Release Engineering

Sonatus builds the software platform for AI-enabled, software-defined vehicles. Our CI/CD platform serves over 200 repositories across three product lines, producing firmware that ships to automotive OEMs. We are looking for a Sr. Staff DevOps Engineer to own the delivery platform: CI/CD pipelines, release automation, artifact management, build tooling, and the instrumentation that tells us whether it's all working.

Today, our delivery infrastructure is fragmented — multiple Jenkins instances configured by hand, release processes driven by ad-hoc scripts, and no unified metrics on how software moves from commit to customer. You will consolidate this into a unified, codified, observable delivery platform. You think in terms of systems, supply chains, and feedback loops — not individual pipelines.

CI/CD platform architecture — Own the consolidation and evolution of multiple Jenkins instances into a unified, configuration-as-code managed platform. Drive the migration strategy across Jenkins and GitHub Actions for 200+ repositories. Design shared pipeline libraries and patterns that scale across product lines without fragmenting into per-team forks.

Release engineering — Own the release tooling and automation for multi-product releases spanning three hardware platforms and multiple automotive customers. Tagging, branching, config generation, and customer artifact delivery. The current toolchain is functional but brittle — your job is to make releases reliable, repeatable, and auditable.

Artifact lifecycle management — Own the Artifactory platform (JFrog SaaS): repository structure, retention policies, token lifecycle, build promotion from staging to release, and customer-facing distribution. You manage the full artifact flow from build output to customer delivery.

Build tooling and reproducibility — Own the build system architecture across three divergent toolchains: Bazel for hermetic static builds, CMake for the embedded monorepo, and Yocto for custom embedded distributions. Drive toward reproducible, cacheable, fast builds regardless of the underlying toolchain.

Security scanning integration — Own the integration of static analysis (Coverity) and software composition analysis (BlackDuck) into CI/CD pipelines. Automate scan scheduling, report generation, and quality gate enforcement to meet automotive compliance requirements (ESIR-ISIR).

CI/CD observability and DORA metrics — Instrument the delivery pipeline with OpenTelemetry. Define and measure the four DORA metrics: deployment frequency, lead time for changes, change failure rate, and mean time to recovery. Build dashboards that make delivery health visible. Own the 30-minute build SLO.

Software supply chain — Own dependency management, credential lifecycle, artifact provenance, and the path toward SBOM generation. Eliminate manual credential management and single-person dependencies from the delivery pipeline. Every artifact should be traceable from the source commit to customer delivery.

• 10+ years in DevOps, SRE, or release engineering, with hands-on ownership of CI/CD platforms at scale — not just pipeline authoring, but platform architecture, reliability, and evolution
• CI/CD platform expertise — Deep experience with Jenkins (multi-controller, shared libraries, JCasC, distributed agents) or equivalent enterprise CI/CD platform. You've operated the platform, not just consumed it
• Release engineering — You have owned or built release automation for a multi-product software organization. You understand branching strategies, semantic versioning, promotion workflows, and customer delivery mechanics
• Artifact management — Experience with JFrog Artifactory, Nexus, or similar. You've designed repository structures, managed token lifecycles, and implemented retention policies at scale
• Infrastructure as Code mindset — Terraform or equivalent for managing platform configuration as code. You treat configuration drift as a bug. Jenkins configured through a UI is a problem to solve, not a steady state
• Observability and instrumentation — You have implemented DORA metrics, build SLOs, or equivalent delivery pipeline instrumentation. Experience with Prometheus/Grafana, OpenTelemetry, or similar stacks
• Software supply chain awareness — Dependency management, credential hygiene, security scanning integration (SAST/SCA), and the principles behind reproducible builds. You understand why "it works on the build server" is not acceptable

• GitHub Actions at scale (ARC self-hosted runners, OIDC authentication, org-wide reusable workflows)
• Embedded build toolchains (Bazel, Yocto, CMake cross-compilation)
• Automotive compliance experience (ESIR-ISIR, ASPICE, MISRA)
• Experience migrating or consolidating legacy CI/CD infrastructure into modern platforms