Sonatype is the software supply chain security company. As an agentic-first Staff Software Engineer, you will lead the design and delivery of enterprise-grade capabilities within Nexus Repository Manager, setting technical direction and mentoring other engineers to secure software supply chains at scale.
Responsibilities:
- Drive the technical design of major agentic-first subsystems — service architecture, data models, and agent/tool integrations — by running long-running, multi-agent workflows across decomposition, orchestration, implementation, testing, and review
- Take major initiatives from ambiguous problem statements through technical design, multi-team execution, rollout, and long-term operability
- Spend your time on direction, review, and taste rather than line-by-line coding. Define the evals, harnesses, guardrails, and review rituals that let your team confidently ship code no human typed
- Set the bar for how Sonatype engineers work with agents. Shape internal playbooks, tooling, and rituals; train Senior engineers in the craft; and raise the ceiling on what's possible
- Own non-functional requirements for your area — performance, reliability, and security — with particular attention to software supply chain threats (malicious packages, dependency confusion, provenance, SBOM accuracy)
- Partner with Product, Security Research, UX, and Support leaders to translate ambiguous customer needs into concrete, shippable technical plans; conduct deep design reviews; and raise the quality bar through thoughtful mentorship
Requirements:
- 7+ years of professional software development experience
- Strong experience with Java
- Experience with cloud platforms (AWS / Azure / GCP)
- Experience with large-scale distributed systems
- Experience with performance tuning
- Experience with data-intensive services
- Experience with production operability at scale
- Working knowledge of software supply chain security
- Familiarity with SBOM formats (CycloneDX, SPDX)
- Knowledge of software composition analysis (SCA), SLSA provenance, and Sigstore/cosign signing
- Knowledge of vulnerability data sources and analysis (OSV, NVD)
- Understanding of common attack patterns against package ecosystems
- Hands-on experience designing, running, and scaling multi-agent systems
- Experience with MCP tooling, shared context and memory, agent handoffs, and robust eval harnesses
- Ability to define evals, test harnesses, observability, and review workflows
- Ability to make product decisions independently
- Ability to drive scope, trade-offs, and sequencing without constant PM hand-holding
- Ability to lead internal rollouts and push the state of the art on how engineers work alongside agents
- Ability to architect and lead the technical design of major agentic-first subsystems
- Ability to partner with Product, Security Research, UX, and Support leaders
- Ability to own non-functional requirements for performance, reliability, and security
- Experience with multi-agent orchestration
- Experience with long-running, multi-agent workflows
- Experience with defining internal playbooks, tooling, and rituals
- Experience with mentoring Senior engineers