Tech Stack
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
AI @ 4
API @ 4
Audit @ 4
Distributed Systems @ 8
Go @ 7
Leadership @ 4
Linux @ 3
Protobuf @ 3
Python @ 7
Rust @ 7
Scoping @ 4
Security @ 4
gRPC @ 3
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
NVIDIA Cloud Engineering & Services is building an enterprise governance layer for agentic systems: signed policy, runtime verification, policy projection, credential mediation, detector verdict handling, and common audit across runtime substrates and enterprise integrations. This role is to mature an APF v0 proof-of-life into a robust core platform for governed agent action, including signed policy, Runtime Policy Verifier, projection, conformance, and failure mode handling for APF deployments.
Responsibilities
- Own APF Core Services: build and harden the Runtime Policy Verifier, signed policy bundle verification, trust-root handling, freshness, rollback protection, subject binding to attested runtime context, revocation checks, and authorization APIs used by APF-compatible enforcement points.
- Design Policy Projection: implement deterministic projections from the canonical APF policy into OpenShell-native runtime policy, adapter constraints, credential constraints, audit requirements, and model-visible tool hints while preserving the atomic projection-admission contract.
- Build Conformance and Verification: create golden fixtures, compatibility tests, negative tests, fuzz/property tests, and conformance suites that prove APF-compatible runtimes and adapters honor the same contract.
- Collaborate with Runtime Owners: engage alongside OpenShell and Infrastructure engineers on public runtime interfaces for projection consumption, runtime context attestation, approved adapter paths, direct egress verification, and admission/rejection semantics.
- Land the Runtime Integration Surfaces: own cross-team work to land public substrate interfaces APF composes against — runtime-context attestation, approved adapter path declaration, projection acceptance and rejection semantics, quarantine, and stop-session hooks — and publish each as a public RFC or PR.
- Drive Architecture Maturity: define versioning, schema compatibility, latency budgets, availability behavior, fail-closed defaults, last-known-good policy handling, and produce engineering review artifacts for Product Security, Fleet, Identity, and partner teams.
- Evolve Technical Specifications: write specifications, defend bounded claims in security and architecture reviews, drive open-decision resolution, and turn working-draft contracts into engineering artifacts adopable by Product Security, Fleet, Identity, and partner runtimes.
Requirements
- Bachelor's degree (or equivalent experience) with 15+ years of industry experience in systems software, security engineering, distributed systems, or policy infrastructure.
- Technical Core: strong programming skills in Rust, Go, C++, or Python; experience designing production services, APIs, schemas, policy engines, authorization systems, or signed artifact pipelines.
- Infrastructure Familiarity: Linux systems, IPC or service-to-service APIs, protobuf/gRPC or equivalent wire formats, CI, test automation, release engineering, and cloud or enterprise deployment environments.
- Security Engineering: practical experience with authorization, cryptographic signatures, trust roots, revocation, subject binding, rollback protection, secure-by-default failure handling, and zero-trust architecture patterns.
- Architecture Leadership: ability to write streamlined technical specifications, align multiple engineering owners, defend bounded claims, and turn working-draft architecture into buildable interfaces without over-scoping the runtime.
Ways to Stand Out
- Runtime Policy Systems: experience with OPA/Rego, Cedar, Zanzibar-style authorization, policy compilers, sandbox policy, or runtime enforcement systems.
- Agent Runtime Security: familiarity with agent frameworks, tool-call governance, sandboxed execution, OpenShell-like runtime substrates, MCP-style tool routing, or credential isolation for agents.
- Supply Chain and Signing: experience with Sigstore, TUF, in-toto, HSM-backed signing, package provenance, signed configuration, or enterprise trust-root distribution.
- Formal or Adversarial Verification: experience using property testing, model checking, symbolic execution, red-team findings, or bounded verification to constrain security claims.
- Standards engagement: experience contributing to RFCs in identity, supply-chain, or policy spaces (IETF, OpenID Foundation, FIDO Alliance, CNCF, NIST).
Compensation and Benefits
- Base salary range: 272,000 USD - 431,250 USD (final base determined by location, experience, and pay of employees in similar positions).
- Eligible for equity and NVIDIA benefits (link to NVIDIA benefits referenced in original posting).
Company & Application
- Applications for this job will be accepted at least until June 26, 2026.
- This posting is for an existing vacancy.
- NVIDIA uses AI tools in its recruiting processes and is an equal opportunity employer committed to diversity and inclusion.
More jobs at Nvidia
Senior Systems Software Engineer, Observability and Telemetry Platform
Nvidia · Santa Clara, United States
USD 184,000-356,500 per year
Senior Systems Software Engineer – GPU Software
Nvidia · Santa Clara, United States
USD 152,000-241,500 per year
Senior Software Engineer, CUDA Core Libraries
Nvidia · Santa Clara, United States
USD 184,000-356,500 per year
Principal Engineer, Applied Research - Accelerator Programming Model and Compiler
Nvidia · Santa Clara, United States
USD 272,000-431,200 per year
Senior System Software Architect - Halos Core and Robotics Platform
Nvidia · Santa Clara, United States
USD 224,000-431,200 per year
Similar jobs
Forward Deployed Engineer - Physical AI Cloud Platform
Nebius · United States, San Francisco, United States, Austin, United States
USD 179,500-224,300 per year
Senior Storage Software Engineer, DGXC Data Services
Nvidia · Santa Clara, United States
USD 152,000-287,500 per year
Principal Engineer, AI Tooling And Workflows
Nvidia · Santa Clara, United States
USD 272,000-431,200 per year
Staff Software Engineer, EAA CX
Coinbase · United States
USD 218,000-256,500 per year
Distinguished Engineer, Storage – AI Cloud
Nvidia · Santa Clara, United States
USD 320,000-488,800 per year
Autonomous Agent Engineer
Nvidia · Santa Clara, United States
USD 184,000-356,500 per year
Security Controls Assurance Lead
Anthropic · Washington, United States, New York City, United States, San Francisco, United States
USD 345,000 per year
Staff Full Stack Engineer, Identity
Stripe · South San Francisco, United States, New York City, United States, Seattle, United States
USD 224,000-336,000 per year