Job Description

Sonatype is the software supply chain security company. We provide the world’s best end-to-end software supply chain security solution, combining the only proactive protection against malicious open source, the only enterprise grade SBOM management and the leading open source dependency management platform. This empowers enterprises to create and maintain secure, quality, and innovative software at scale.
As founders of Nexus Repository and stewards of Maven Central, the world’s largest repository of Java open-source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development.
More than 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains.

About the Role

As an agentic-first Senior Software Engineer, you will design, build, and ship agentic-first features within Nexus Repository Manager. You'll own meaningful pieces of the product end-to-end, and long-running multi-agent development workflows will be your primary mode of work — you'll spend most of your time directing and verifying agents rather than hand-typing code. You'll partner with Staff and Principal engineers to deliver capabilities that help enterprises secure their software supply chains at massive scale.

Why You Will Want to Apply

• Ship customer-facing, agentic-first features in a product used by 15 million developers and 70% of the Fortune 100.
• Practice a fundamentally new way of building software — long-running, multi-agent development — alongside Staff and Principal engineers who are defining the craft.
• Work on real distributed systems problems — Java, cloud, data, and security — in a codebase that matters to the global open source ecosystem.
• Grow into a Staff trajectory with clear mentorship, meaningful ownership, and direct exposure to how agentic tooling is reshaping engineering.

What You Will do

• Design & Deliver With Agents: Design and implement scalable, high-performance features across the stack by driving long-running, multi-agent development workflows end-to-end — decomposition, orchestration, implementation, testing, and review.

• Own Your Work End-to-End: Take features from ambiguous requirements through design, implementation, rollout, and on-call operability, using agents to move faster without compromising quality.

• Verification Over Generation: Spend your time on direction, review, evals, and testing rather than line-by-line coding. Build and use the harnesses and guardrails that let you trust what the agents output.

• Advance the Practice: Contribute to internal playbooks, tooling, and rituals for how Sonatype engineers work with agents — sharing what's working, what isn't, and what we should try next.

• Quality, Security & Reliability: Write and ship clean, well-tested, observable code. Apply software supply chain security best practices to everything you deliver.

• Collaboration: Partner with Product, UX, and fellow engineers to translate customer needs into shippable solutions, and raise the quality bar through thoughtful code review and mentorship of earlier-career engineers.

Who You Are

• Long-running Agentic Developer: Multi-step, long-running agent workflows are your default way of building software — well beyond Copilot-style autocomplete. You regularly orchestrate multiple agents in parallel across planning, coding, testing, and review, and your own time is spent directing and verifying rather than generating.


• Multi-agent Orchestration in Practice: Hands-on experience running and composing multiple agents (e.g., Claude Code, Codex, Cursor background agents, or equivalents) — including MCP tools, custom prompts/skills, shared context, and eval loops that keep output trustworthy.


• Verification-first Mindset: You've internalized that the new leverage point is human judgment over machine generation. You write and maintain evals, test harnesses, and review workflows that let you confidently ship code you didn't personally type.


• Drawn to Leading-edge Practice: You're energized by being early in a new way of building software, tracking what's happening on the frontier, and bringing new techniques back to your team.


• Product Engineering Mindset: You think in terms of customer outcomes, not just tickets, and can make sensible product trade-offs in partnership with PM and design.


• Focused on What Matters: You want to build mission-critical products that drive revenue and transform how customers build software.


• Senior-level Engineering Skills: 4+ years of professional software development, including meaningful experience shipping and operating production services.


• Solid Technical Foundation: Strong experience with Java and at least one major cloud (AWS / Azure / GCP). Comfortable working in distributed systems — APIs, databases, queues, and the failure modes that come with them.


• Exposure to DevSecOps & Supply Chain Security: Familiarity with concepts like SBOMs, SCA, vulnerability management, dependency hygiene, and artifact/package ecosystems — or strong interest in going deep here.


• Deeply Curious: You push agentic tools to their limits — probing where they work, where they break, and how to make them better. You're energized by being early in a fundamentally new way of building software.

What We Are Proud Of

• 2025 Visionary in Gartner® Magic Quadrant™ for Application Security Testing!
• 2025 AI Compliance Solution of the Year - AI Breakthrough Awards
• 2025 DEVIES Award to our SBOM Manager for a new product for its innovation and impact in developer technology
• 2024 Industry Leader in Forrester-Wave for Software Composition Analysis (2024 Q4 report)
• Constellation AST Shortlist: Sonatype has been listed on the Constellation ShortList™ for Application Security Testing for 2024
• Data Breakthrough Awards: Sonatype was announced as a 2024 winner in the "Open Source Data Solution of the Year."
• SD Times: Best in Show Security
• Fast Company Best Workplaces for Innovators 2024
• The Herd Top 100 Private Software Companies 2024.
• Diversity & Inclusion Working Groups
• Parental Leave Policy
• Paid Volunteer Time Off (VTO)

At Sonatype, we value diversity and inclusivity. We offer perks such as parental leave, diversity and inclusion working groups, and flexible working practices to allow our employees to show up as their whole selves. We are an equal-opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.