Security Development Engineer

at Nvidia
USD 120,000-235,800 per year
MIDDLE
✅ On-site

Used Tools & Technologies

Not specified

Required Skills & Competences

Security @ 3 Software Development @ 3 Go @ 6 Python @ 6 API @ 3 Compliance @ 3

Details

The NVIDIA Product Security Team is seeking a hands-on Security Engineer to join the Secure Development Platform team and help deliver scalable solutions that secure NVIDIA’s software development lifecycle (SDLC) and help build foundational systems that identify and manage regulated software releases — including those requiring FedRAMP, DoD ILx, or other compliance certifications. The role promotes a “secure-by-default” culture and partners with engineering teams to integrate security insights and automation into every stage of the SDLC. The engineer will help define how regulated release types are detected, how evidence is continuously generated and evaluated, and how teams can track their certification status using real-time signals.

Responsibilities

  • Develop backend services and data pipelines to identify software releases subject to FedRAMP and other regulatory requirements.
  • Build platform features that automate evidence generation based on release context, policy coverage, and operational controls.
  • Implement policy-as-code frameworks to evaluate compliance against FedRAMP baselines and track residual risks and mitigations.
  • Present release readiness checklists for Security Owners, enabling assessment of gaps and progress toward regulated release approval.
  • Enable release teams to self-attest readiness for regulated environments via structured checklists, metadata tagging, and SDLC signal ingestion.
  • Integrate with platforms across security scanning, logging, and access control to collect relevant compliance evidence.
  • Help maintain NVIDIA’s FedRAMP-compliant security programs — improve scanner coverage, implement real-time dashboards, automate key processes, and help ensure on-time certification renewals.
  • Create tools and APIs that display certification progress, identify gaps, and assist internal customers, security experts, and auditors.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or equivalent experience.
  • 3+ years of experience in software development, platform engineering, or security automation roles.
  • Strong backend engineering skills in Python, Go, or similar languages.
  • Familiarity with FedRAMP, NIST, or other U.S. regulatory frameworks.
  • Experience designing and integrating RESTful APIs and working with containerized, cloud-native environments.
  • Understanding of secure SDLC practices and the role of artifacts (e.g., SBOMs, logs, test evidence) in regulated certifications.
  • Knowledge of policy-as-code tools and frameworks (e.g., Open Policy Agent) is a plus.
  • Familiarity with SBOM standards, especially the CycloneDX specification.
  • Strong collaboration and interpersonal skills across security, compliance, and engineering teams.
  • Passion for building automated, developer-friendly compliance platforms.

Ways to Stand Out

  • Experience working on or supporting FedRAMP certification processes for NVIDIA releases.
  • Prior work mapping infrastructure and security controls to regulatory control baselines.

Compensation & Benefits

  • Base salary ranges (determined by location and level):
    • Level 2: 120,000 USD - 189,750 USD
    • Level 3: 148,000 USD - 235,750 USD
  • Eligible for equity and benefits (see NVIDIA benefits).

Additional Information

  • Applications for this job will be accepted at least until August 22, 2025.
  • NVIDIA is an equal opportunity employer and is committed to fostering a diverse work environment.