Sr. DevOps Engineer

We are seeking a DevOps Software Developer experienced in Build and Release Engineering, Secure Software Development, and Software Supply Chain Risk Management (SCRM) in alignment with ISO 27001, NIST SP 800-161, and NIST SP 800-171 standards.

This role unites software engineering, automation, and compliance, building secure, traceable, and compliant software pipelines across hybrid (on-prem + cloud) environments. You will develop tools and frameworks that ensure software integrity, repeatability, and regulatory alignment from source code to deployment.

Key Responsibilities

1. Build & Release Engineering

• Design, develop, and maintain automated build and release pipelines for multi-tier applications.
• Manage version control systems and branching strategies; maintain artifact repositories (e.g., Jfrog Artifactory).
• Develop and optimize build scripts and automation tools using Python, Bash, CMake, or Gradle.
• Implement build verification, automated testing, and code signing for secure releases.
• Ensure traceability and reproducibility of builds

2. DevOps & Automation

• Architect and maintain CI/CD pipelines with Jenkins, GitLab CI, or GitHub Actions.
• Use Infrastructure as Code (IaC) tools such as Terraform, Ansible, or Terraform for consistent infrastructure deployment.
• Automate environment configuration, monitoring, and policy enforcement to meet compliance standards.
• Integrate security and compliance validation into CI/CD workflows.
• Support hybrid deployments across on-prem, virtualized, and cloud environments

3. On-Prem & Virtualization Infrastructure

• Manage and maintain on-premises servers and virtualization platforms (VMware vSphere/ESXi, KVM, or OpenStack).
• Automate provisioning and orchestration for VMs, containers, and networks.
• Monitor system performance, resource utilization, and capacity planning.
• Implement network segmentation, secure connectivity, and identity/access controls in compliance with ISO 27001 Annex A controls.
• Participate in infrastructure hardening, patch management, and disaster recovery planning.

4. Software Supply Chain Risk Management (SCRM)

• Implement secure software supply chain practices per NIST SP 800-161r1 and NIST SP 800-171.
• Maintain and validate Software Bills of Materials (SBOMs) using tools like BlackDuck
• Identify and mitigate vulnerabilities in open-source and third-party dependencies.
• Enforce artifact provenance, cryptographic integrity checks, and chain-of-custody documentation across builds.
• Contribute to secure procurement and vendor assurance processes under ISO 27001 and NIST frameworks.

5. Compliance & Security

• Implement and maintain compliance with ISO 27001, NIST SP 800-161 and NIST SP 800-171
• Integrate security baselines, vulnerability management, and code assurance tools into the DevOps workflow.
• Maintain audit trails, change records, and compliance documentation for ISO/NIST audits.
• Collaborate with QA, Security, and Compliance teams to continuously improve the secure development lifecycle (SDLC).

Required Qualifications

• Bachelor's degree in Computer Science, Software Engineering, or related field, or equivalent experience.
• 4-8+ years in DevOps, Build/Release Engineering, or Software Development roles.
• Strong understanding of SDLC, DevSecOps, and CI/CD principles.
• Proficiency in programming: Python, Bash, Go, or JavaScript.
• Experience with CI/CD platforms (Jenkins, GitLab CI, Azure DevOps) and IaC tools (Terraform, Ansible).
• Practical experience managing on-premises and virtualized infrastructure (VMware, Hyper-V, KVM).
• Working knowledge of ISO 27001, and NIST 800-series compliance frameworks.
• Familiarity with network security, system hardening, and access management across hybrid environments.

Preferred Skills

• Experience with Kubernetes, container orchestration, and hybrid cloud integration.
• Knowledge of FedRAMP, CMMC, or other federal cybersecurity frameworks.
• Familiarity with PKI, code signing, and secure key management.
• Experience integrating SAST, DAST, dependency scanning, and compliance automation tools.
• Contribution to continuous improvement of secure SDLC and DevSecOps maturity models.
• Summary

As a DevOps Software Developer, you will drive secure, automated, and compliant software delivery across hybrid infrastructure. Leveraging ISO 27001 and NIST 800-series frameworks, you'll ensure the quality, integrity, and traceability of every software artifact while advancing secure development and supply chain assurance across the organization.

The US base salary range for this full-time position is $160,000-$190,000. Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time, as well as a comprehensive leave program.

Wage ranges are based on various factors, including the labour market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.

All roles are eligible to participate in the Fortinet equity program. Bonus eligibility is reviewed at the time of hire and annually at the Company's discretion.

Why Join Us:

We encourage candidates from all backgrounds and identities to apply. We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being.

Embark on a challenging, enjoyable, and rewarding career journey with Fortinet. Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.