Principal Software Engineer, Agent Policy Fabric

NVIDIA is widely recognized as one of the most desirable employers, with some of the world's most dedicated people working for us! The Cloud Engineering & Services team is building an enterprise governance layer for agentic systems: signed policy, runtime verification, policy projection, credential mediation, detector verdict handling, and common audit across runtime substrates and enterprise integrations.

We are looking for a Principal Software Engineer, Agent Policy Fabric (APF) Core Platform, to join our Cloud Engineering & Services team and mature the scoped APF v0 proof-of-life into a robust core platform for governed agent action. You will play a critical role in building the foundations for the signed policy, Runtime Policy Verifier, projection, conformance, and failure mode that future APF deployments depend on.

What You'll Be Doing:

• Own APF Core Services: Build and harden the Runtime Policy Verifier, signed policy bundle verification, trust-root handling, freshness, rollback protection, subject binding to attested runtime context, revocation checks, and authorization APIs used by APF-compatible enforcement points.

• Design Policy Projection: Implement deterministic projections from the canonical APF policy into OpenShell-native runtime policy, adapter constraints, credential constraints, audit requirements, and model-visible tool hints, while preserving the atomic projection-admission contract.

• Build Conformance and Verification: Create golden fixtures, compatibility tests, negative tests, fuzz/property tests, and conformance suites that prove APF-compatible runtimes and adapters honor the same contract.

• Collaborate with Runtime Owners: Engage alongside OpenShell and Infrastructure engineers on public runtime interfaces for projection consumption, runtime context attestation, approved adapter paths, direct egress verification, and admission/rejection semantics.

• Land the Runtime integration surfaces. Own the cross-team work with OpenShell and other runtime owners to land public substrate interfaces APF composes against — runtime-context attestation, approved adapter path declaration, projection acceptance and rejection semantics, quarantine, and stop-session hooks. Land each as a public RFC or PR.

• Drive Architecture Maturity: Define versioning, schema compatibility, latency budgets, availability behavior, fail-closed defaults, last-known-good policy handling, and engineering review artifacts for Product Security, Fleet, Identity, and partner teams.

• Evolve technical specifications. Write specifications, defend bounded claims in security and architecture reviews, drive open-decision resolution, and turn working-draft contracts into engineering artifacts that Product Security, Fleet, Identity, and partner runtimes can adopt.

What We Need To See:

• Bachelor's degree (or equivalent experience) with 15+ years of industry experience in systems software, security engineering, distributed systems, or policy infrastructure.

• Technical Core: Strong programming skills in Rust, Go, C++, or Python; experience designing production services, APIs, schemas, policy engines, authorization systems, or signed artifact pipelines.

• Infrastructure Familiarity: ​Linux systems, IPC or service-to-service APIs, protobuf/gRPC or equivalent wire formats, CI, test automation, release engineering, and cloud or enterprise deployment environments.

• Security Engineering: Practical experience with authorization, cryptographic signatures, trust roots, revocation, subject binding, rollback protection, secure-by-default failure handling, and zero-trust architecture patterns.

• Architecture Leadership: Ability to write streamlined technical specifications, align multiple engineering owners, defend bounded claims, and turn working-draft architecture into buildable interfaces without over-scoping the runtime.

Ways to Stand Out from the Crowd:

• Runtime Policy Systems: Experience with OPA/Rego, Cedar, Zanzibar-style authorization, policy compilers, sandbox policy, or runtime enforcement systems.

• Agent Runtime Security: Familiarity with agent frameworks, tool-call governance, sandboxed execution, OpenShell-like runtime substrates, MCP-style tool routing, or credential isolation for agents.

• Supply Chain and Signing: Experience with Sigstore, TUF, in-toto, HSM-backed signing, package provenance, signed configuration, or enterprise trust-root distribution.

• Formal or Adversarial Verification: Experience using property testing, model checking, symbolic execution, red-team findings, or bounded verification to constrain security claims.

• Standards engagement: Experience contributing to RFCs in identity, supply-chain, or policy spaces (IETF, OpenID Foundation, FIDO Alliance, CNCF, NIST).

With competitive salaries and a generous benefits package, NVIDIA is widely considered to be one of the technology industry's most desirable employers. We have some of the most forward-thinking and versatile people in the world working with us, and our engineering teams are growing fast in some of the most impactful fields of our generation: AI, Data Engineering, Data Science. If you're a creative engineer who enjoys autonomy and shares our passion for technology, we want to hear from you.

Your base salary will be determined based on your location, experience, and the pay of employees in similar positions. The base salary range is 272,000 USD - 431,250 USD.

You will also be eligible for equity and benefits.

Applications for this job will be accepted at least until June 26, 2026.

This posting is for an existing vacancy. 

NVIDIA uses AI tools in its recruiting processes.

NVIDIA is committed to fostering an inclusive work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.