NVIDIA is defining the next era of computing by tapping into the unlimited potential of AI, where GPUs power computers, robots, autonomous systems, and AI agents. Joining the OpenShell team offers a unique opportunity to own the build, packaging, release, and CI/CD foundation for a sophisticated platform that provides secure, sandboxed runtimes for autonomous AI agents. OpenShell includes a control-plane gateway, privacy-conscious inference router, declarative policy engine, container and VM-based sandbox execution, GPU support, Helm deployments, multi-architecture artifacts, and public developer install flows. This role is for an engineer who wants to make the system reliable from source code to shipped artifact.
What You’ll Be Doing:
Own and evolve OpenShell’s CI/CD system across GitHub Actions, self-hosted Linux amd64/arm64 runners, GPU runners, macOS runners, reusable workflows, gated e2e jobs, release canaries, and developer-facing branch checks.
Build and harden multi-architecture release pipelines for GHCR images, Helm OCI charts, Linux and macOS CLI binaries, gateway and sandbox binaries, Python wheels, Debian packages, RPM packages, Homebrew formula generation, and install scripts.
Improve release reliability for both rolling dev builds and tagged public releases, including version derivation, automatic tagging, checksums, artifact pruning, provenance, artifact attestations, and downstream package publishing.
Drive reproducible and performant builds using mise, uv, Cargo, maturin, BuildKit, Docker/Podman, sccache, native amd64/arm64 runners, Zig, osxcross, protobuf codegen, and pinned toolchains.
Own the quality gates that decide whether code is safe to merge or ship, including Rust/Python checks, license headers, markdown/docs validation, e2e label gates, Docker/Podman e2e, Kubernetes/Helm e2e, GPU e2e, and release canary coverage.
Debug difficult build and release failures across containers, registries, runners, package managers, cross-compilation toolchains, kernel/VM runtime artifacts, and CI cache behavior.
Partner with platform engineers to make OpenShell easier to install and operate across Linux, macOS, Kubernetes, Docker, Podman, GPU environments, and experimental VM/libkrun-based runtimes.
Continuously improve CI observability, failure diagnostics, workflow runtime, cache hit rates, artifact traceability, and the developer experience for contributors and maintainers.
What We Need To See:
Minimum of a Bachelor’s degree in Computer Science, Electrical Engineering, or a related technical field, or equivalent experience.
8+ years of meaningful engineering experience, with strong ownership of build, release, CI/CD, developer infrastructure, or systems tooling.
Deep experience with GitHub Actions or similar CI systems, including reusable workflows, self-hosted runners, permissions, secrets, workflow gates, matrix builds, artifact handling, and failure diagnosis.
Strong Linux systems and shell scripting skills, with the ability to debug build failures at the boundary between OS packages, containers, compilers, linkers, filesystems, and runtime environments.
Experience shipping multi-platform artifacts, including container images, Linux packages, macOS artifacts, checksums, installer scripts, and public release assets.
Working knowledge of Rust and Python build ecosystems, including Cargo, cross-compilation, Python wheels, uv, maturin, protobuf generation, and native dependency management.
Experience with Docker, BuildKit/buildx, container registries, OCI images, Helm charts, Kubernetes deployment/testing flows, and Docker/Podman compatibility concerns.
Strong understanding of supply-chain hardening: pinned actions, dependency lockfiles, release provenance, artifact checksums, SBOMs, attestations, least-privilege CI permissions, and secret hygiene.
Ability to reason about release risk, keep pipelines reliable under active development, and communicate clearly when a release should stop, continue, or be rolled back.
Ways To Stand Out From The Crowd:
Experience building release systems for Rust-heavy products with Python bindings or SDKs.
Hands-on experience with native amd64/arm64 CI, GPU CI, WSL, Jetson/Tegra, CDI, or NVIDIA container workflows.
Experience with macOS cross-compilation, Homebrew formula generation, codesigning, osxcross, Zig, musl/glibc compatibility, or manylinux wheels.
Familiarity with Debian, RPM, Snap, systemd user services, or packaging products that install local daemons and helper binaries.
Track record reducing CI cost and latency through cache strategy, workflow decomposition, runner selection, and build graph simplification.
NVIDIA is widely considered one of the technology world’s most desirable employers. We have some of the most forward-thinking and hardworking people on the planet working for us. If you’re creative, pragmatic, and self-motivated, we want to hear from you. NVIDIA is leading groundbreaking developments in Artificial Intelligence, High-Performance Computing, and Visualization, and OpenShell is helping make autonomous AI agents safer, more private, and more useful.
Your base salary will be determined based on your location, experience, and the pay of employees in similar positions. The base salary range is 184,000 USD - 287,500 USD for Level 4, and 224,000 USD - 356,500 USD for Level 5.You will also be eligible for equity and benefits.
This posting is for an existing vacancy.
NVIDIA uses AI tools in its recruiting processes.
NVIDIA is committed to fostering a diverse work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.