Senior Staff DevOps Engineer - CI/CD & Release Engineering

Sonatus•Sunnyvale, CA

6h•$198,000 - $260,000•Hybrid

About The Position

At Sonatus, we’re driving the transformation to AI-enabled software-defined vehicles. Traditional automotive software methods can’t keep pace with consumer expectations shaped by the mobile industry—where features evolve rapidly, update seamlessly, and improve continuously. That’s why leading OEMs trust Sonatus to accelerate this shift. Our technology is already in production across more than 6 million vehicles on the road today and rapidly expanding. Headquartered in Sunnyvale, CA, with 250+ employees worldwide, Sonatus combines the agility of a fast-growing company with the scale and impact of an established partner. Backed by strong funding and proven by global deployment, we’re solving some of the most interesting and complex challenges in the industry. Join us and help redefine what’s possible as we shape the future of mobility. Role Summary: Sonatus builds the software platform for AI-enabled, software-defined vehicles. Our CI/CD platform serves over 200 repositories across three product lines, producing firmware that ships to automotive OEMs. We are looking for a Sr. Staff DevOps Engineer to own the delivery platform: CI/CD pipelines, release automation, artifact management, build tooling, and the instrumentation that tells us whether it's all working. Today, our delivery infrastructure is fragmented — multiple Jenkins instances configured by hand, release processes driven by ad-hoc scripts, and no unified metrics on how software moves from commit to customer. You will consolidate this into a unified, codified, observable delivery platform. You think in terms of systems, supply chains, and feedback loops — not individual pipelines.

Requirements

10+ years in DevOps, SRE, or release engineering, with hands-on ownership of CI/CD platforms at scale — not just pipeline authoring, but platform architecture, reliability, and evolution
CI/CD platform expertise — Deep experience with Jenkins (multi-controller, shared libraries, JCasC, distributed agents) or equivalent enterprise CI/CD platform. You've operated the platform, not just consumed it
Release engineering — You have owned or built release automation for a multi-product software organization. You understand branching strategies, semantic versioning, promotion workflows, and customer delivery mechanics
Artifact management — Experience with JFrog Artifactory, Nexus, or similar. You've designed repository structures, managed token lifecycles, and implemented retention policies at scale
Infrastructure as Code mindset — Terraform or equivalent for managing platform configuration as code. You treat configuration drift as a bug. Jenkins configured through a UI is a problem to solve, not a steady state
Observability and instrumentation — You have implemented DORA metrics, build SLOs, or equivalent delivery pipeline instrumentation. Experience with Prometheus/Grafana, OpenTelemetry, or similar stacks
Software supply chain awareness — Dependency management, credential hygiene, security scanning integration (SAST/SCA), and the principles behind reproducible builds. You understand why "it works on the build server" is not acceptable

Nice To Haves

GitHub Actions at scale (ARC self-hosted runners, OIDC authentication, org-wide reusable workflows)
Embedded build toolchains (Bazel, Yocto, CMake cross-compilation)
Automotive compliance experience (ESIR-ISIR, ASPICE, MISRA)
Experience migrating or consolidating legacy CI/CD infrastructure into modern platforms

Responsibilities

CI/CD platform architecture — Own the consolidation and evolution of multiple Jenkins instances into a unified, configuration-as-code managed platform. Drive the migration strategy across Jenkins and GitHub Actions for 200+ repositories. Design shared pipeline libraries and patterns that scale across product lines without fragmenting into per-team forks.
Release engineering — Own the release tooling and automation for multi-product releases spanning three hardware platforms and multiple automotive customers. Tagging, branching, config generation, and customer artifact delivery. The current toolchain is functional but brittle — your job is to make releases reliable, repeatable, and auditable.
Artifact lifecycle management — Own the Artifactory platform (JFrog SaaS): repository structure, retention policies, token lifecycle, build promotion from staging to release, and customer-facing distribution. You manage the full artifact flow from build output to customer delivery.
Build tooling and reproducibility — Own the build system architecture across three divergent toolchains: Bazel for hermetic static builds, CMake for the embedded monorepo, and Yocto for custom embedded distributions. Drive toward reproducible, cacheable, fast builds regardless of the underlying toolchain.
Security scanning integration — Own the integration of static analysis (Coverity) and software composition analysis (BlackDuck) into CI/CD pipelines. Automate scan scheduling, report generation, and quality gate enforcement to meet automotive compliance requirements (ESIR-ISIR).
CI/CD observability and DORA metrics — Instrument the delivery pipeline with OpenTelemetry. Define and measure the four DORA metrics: deployment frequency, lead time for changes, change failure rate, and mean time to recovery. Build dashboards that make delivery health visible. Own the 30-minute build SLO.
Software supply chain — Own dependency management, credential lifecycle, artifact provenance, and the path toward SBOM generation. Eliminate manual credential management and single-person dependencies from the delivery pipeline. Every artifact should be traceable from the source commit to customer delivery.