At Sonatype, we empower developers with best-in-class tools to build secure, high-quality software at scale. Our mission is to create a world where software is always secure and developers can innovate without fear. Trusted by thousands of organizations, including Fortune 500 companies, we are pioneers in software supply chain management, open-source security, and DevSecOps.
We are looking for a GCP DevOps Engineer to help us shape the future of secure software development. If you love solving complex problems, working with cloud-native platforms, and mentoring engineering teams, we would love to hear from you.
As a GCP DevOps Engineer, you will play a critical role in designing, automating, and scaling Sonatype's engineering platform and delivery systems on GCP. You will lead infrastructure and CI/CD modernization, improve reliability and security, and guide teams on platform engineering and DevOps best practices.
Key Responsibilities
- 6+ years of design, implement, and evolve GCP-based infrastructure using Infrastructure as Code with Terraform and Google Cloud deployment automation patterns.
- Build and maintain scalable CI/CD pipelines using Cloud Build, GitHub Actions, Jenkins, or equivalent platforms for application, infrastructure, and platform workloads.
- Administer and optimize GCP delivery workflows including Cloud Build triggers, Artifact Registry, source integrations, deployment approvals, and service account access patterns.
- Partner with engineering teams to improve build, release, and deployment workflows across microservices and cloud-native applications.
- Implement robust observability across systems using Google Cloud Operations Suite, Cloud Logging, Cloud Monitoring, and related telemetry tooling.
- Strengthen platform security by integrating secrets management, policy enforcement, vulnerability scanning, and least-privilege access controls.
- Manage and optimize containerized environments using Kubernetes, Helm, and Google Kubernetes Engine (GKE).
- Drive reliability engineering practices including incident response, root cause analysis, SLO thinking, and automated remediation where appropriate.
- Standardize reusable templates, modules, and platform patterns that improve developer productivity and consistency.
- Mentor engineers and provide technical leadership on GCP architecture, deployment automation, release governance, and DevSecOps practices.
What We Are Looking For
- 6+ years of strong experience in DevOps, platform engineering, or site reliability engineering roles supporting modern software delivery.
- Deep hands-on expertise with Google Cloud Platform, including compute, networking, IAM, storage, monitoring, and security services.
- Strong experience with GCP-native or integrated CI/CD pipeline design for multiple application stacks and deployment patterns.
- Experience with Infrastructure as Code using Terraform, Deployment Manager alternatives, or equivalent automation frameworks.
- Proficiency with containers and orchestration platforms such as Docker and Kubernetes, preferably with GKE experience.
- Experience with scripting and automation using Python, Bash, PowerShell, or similar languages.
- Solid understanding of source control workflows, package management, artifact promotion, and release strategies.
- Experience implementing observability, logging, alerting, and operational dashboards for production systems.
- Strong understanding of cloud security, IAM, secrets management, compliance controls, and secure software delivery practices.
- Excellent collaboration and communication skills, with the ability to influence technical direction across teams.
Nice to Have
- Experience with GitHub, SonarQube, Nexus Repository, or software supply chain security tooling.
- Familiarity with multi-cloud environments and migration patterns from AWS or on-premises platforms to GCP.
- Exposure to policy-as-code, platform engineering, developer portals, or internal developer platform concepts.
- Experience supporting regulated or enterprise-scale environments with strong governance requirements.
Why This Role Matters
This role helps create the engineering foundation that enables teams to ship securely, reliably, and quickly. You will influence how Sonatype scales its platform capabilities, improves developer experience, and advances its DevSecOps maturity on GCP.
You will work at the intersection of infrastructure, automation, security, and developer enablement, making a direct impact on product velocity and operational excellence.
Things that we are proud of
- 2025 AI Compliance Solution of the Year - AI Breakthrough Awards
2025 DEVIES Award to our SBOM Manager new product for its innovation and impact in developer technology
2024 Industry Leader in Forrester-Wave for Software Composition Analysis (2024 Q4 report)
2023 Fast Company Best Places for Innovators
2023 Gartner's Magic Quadrant
2023 Software Report's Top 100 Software Companies
2023 BuiltIn Best Places to Work
2022 Frost & Sullivan Technology Innovation Leader Award
2022 PeerSpot Silver Peer Award in Software Composition Analysis
2022 Tech Ascension Best DevOps Security Solution Award
2022 NVCT Cyber Company of the Year
Company Wellness Week - We shut down company operations for a week to enable all employees to pursue personal growth and enjoy a much-needed and deserved rest.
Paid Volunteer Time Off (VTO)
Expansion of Sonatype’s India Innovation Hub in Hyderabad, reflecting our continued growth, commitment to innovation, and investment in talent to advance AI-driven software security globally
Skills Required
- 6+ years of experience in DevOps, platform engineering, or site reliability engineering
- Deep hands-on expertise with Google Cloud Platform
- Strong experience with CI/CD pipeline design
- Experience with Infrastructure as Code using Terraform
- Proficiency with containers and orchestration platforms such as Kubernetes
- Experience with scripting and automation using languages like Python, Bash
- Strong understanding of cloud security and secure software delivery practices
What We Do
The Sonatype journey started almost 15 years ago, just as the concept of “open source” software development was gaining steam. From our humble beginning as core contributors to Apache Maven, to supporting the world’s largest repository of open source components (Central), to distributing the world's most popular repository manager (Nexus), we’ve played a meaningful role in helping the world embrace the power of open innovation. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code, and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers rely on our tools and guidance to help them deliver and maintain exceptional and secure software.
Why Work With Us
We're on a mission to change how the world innovates by making software development easier. Already used by 15 million developers, we have lofty goals for our technology to be in the hands of every engineering team. And, we need you to do that. Join us!
Gallery
.jpeg)
