Location: This role is based onsite at our office in Santa Clara, CA.
Travel: Up to 25%
Job ID: 1726
The Role:
We are looking for a Senior Staff DevOps Engineer to join our Quantum Platform Network Security Engineering Team. The Platform Engineering team builds, secures, and operates scalable infrastructure for cloud-managed SaaS products with on-premises components deployed at customer sites.
The DevSecOps discipline owns the "software factory" - the end-to-end system that takes code from commit to production securely, reliably, and fast, with security embedded into every stage.
As a Senior Staff Engineer, you set the technical direction for the software factory. You own its roadmap, make the architecture and tooling decisions that shape how every product team ships, and raise the bar through standards, review, and mentorship. You remain deeply hands-on by writing pipeline code, building and testing infrastructure-as-code modules, configuring security scanning, managing dependencies, operating release infrastructure, and, where on-premises infrastructure is in scope, running physical and virtual systems. The work is automation-first with every repetitive task a candidate for a pipeline or an agentic workflow.
- CI/CD pipeline platform - the shared build, test, scan, sign, and deploy platform, with reusable templates and golden-path standards.
- Pipeline security and policy - scanning strategy, security gates, risk thresholds, and automated go/no-go decisioning.
- Release engineering and governance - the release train (versioning, environment promotion), the release gate with risk assessment, and an expedited, still-gated hotfix pipeline for emergency production changes.
- Dependency management and supply-chain security - dependency health, Software Bill of Materials (SBOM) generation, artifact signing, and provenance.
- Internal developer platform - self-service environment provisioning, onboarding, documentation, and the developer support model.
- Infrastructure as Code - reusable, tested modules, policy-as-code enforcement, and environment consistency across cloud and hybrid deployments.
- Security operations and compliance - vulnerability scanning, continuous compliance evidence, identity and access operations, and secrets lifecycle management.
- On-premises and hybrid operations - operational consistency between cloud and on-premises systems, where applicable.
- Agentic automation and AI security - agentic automation across the software factory, with guardrails and security controls for autonomous actions.
Responsibilities:
- Set the direction - own the software-factory roadmap and the architecture and tooling decisions behind it, and bring the organization along with you, so that every service builds, tests, scans, signs, and deploys through self-service, with no manual gates beyond code review and release approval.
- Make security the fast path - embed scanning and policy enforcement into every pipeline stage so secure delivery is the default, not a bottleneck.
- Run release management - operate the release train (versioning, environment promotion) and the release gate, and the expedited hotfix pipeline fast but fully gated.
- Keep dependencies and the supply chain healthy - automate dependency updates, track freshness, generate SBOMs, and verify artifact provenance.
- Build and improve the internal developer platform - deliver self-service capabilities that let product teams ship quickly and safely.
- Engineer infrastructure as code - write and test production modules with the same rigor product teams apply to application code.
- Operate security and compliance - run vulnerability scanning, drive findings to closure within security-based service-level targets and keep audit evidence continuously current.
- Automate with agents - build and operate agentic workflows for pipeline triage, dependency orchestration, and routine support, and enforce guardrails for autonomous actions.
- Scale the team and broaden impact - mentor engineers at different seniority levels, raise the bar through standards, review, and golden paths, and align Architecture, SRE, Cloud Operations, and Product Development behind the roadmap.
Requirements:
- 12+ years of production engineering experience with recent hands-on work.
- Hands-on, recent experience building and operating CI/CD pipeline platforms at production scale.
- Security embedded into pipelines as a practitioner - has personally configured scanning and driven a real vulnerability to closure within a deadline.
- Infrastructure-as-Code authored and tested, with production modules to show, not only consumed.
- Demonstrated ownership of release, dependency, or vulnerability-management outcomes with measurable results.
- Scripting and automation fluency, with a clear bias toward removing manual toil.
Preferred Qualifications:
- Supply-chain security depth (signing, SBOMs, provenance, SLSA).
- Internal developer platform or self-service design, measured by adoption.
- Release-gate or release-train ownership, including expedited or emergency-change delivery under pressure.
- Agentic delivery automation (AWS Agent Core or equivalent) and AI or LLM security practice.
The approximate base salary range for this position is $216,136 - $282,978. The total compensation package includes base, bonus, equity, and a range of benefit options found on our career site.