NVIDIA’s GPU SW Security team is searching for a strong self-driven, creative engineer with experience in security research, analysis and hardening. You will be part of an inclusive team of motivated security engineers working on some of the most complex system software in the world. You will be analyzing designs, developing mitigations based on current state of the art, performing security research, and actively finding implementation vulnerabilities.
GPU System Software provides the foundation of everything from gaming to professional graphics to the cloud. Computer gaming is the world’s largest entertainment industry and GeForce is the industry leading gaming brand with over 200 million gamers worldwide. We haven’t stopped there, NVIDIA GPUs now provide the leading platform for breakthroughs in AI, data center, accelerated computing, healthcare, intelligent networking, and more. All these products require an industry leading security posture which we want your help with.What you'll be doing:
What we need to see:
Lead design analysis, threat modeling of security critical driver or firmware components
Identify vulnerabilities in our kernel and embedded software through tooling, building proof of concepts for key weaknesses
Provide technical expertise on attacker trends, deploy cutting edge security technologies, tools, and practices to a wide variety of complex components across Kernel/FW/HW boundary (e.g. static for enforcement, dynamic for fuzzing)
Work jointly with internal development teams to review application code and refine security posture
Provide technical expertise on attacker trends, evaluate, recommend, and develop cutting edge security technologies, tools, and practices: static analysis for security enforcements, dynamic analysis solutions for fuzzing
Collaborate with security architects to develop a long-term security roadmap for our products to ensure suitability for the markets we serve
Delivering solutions which enable measuring security effectiveness and quality
Understand, balance and communicate business risk with security risk
Ways to stand out from the crowd:
BS or MS degree in Computer Engineering, Computer Science, or related degree (or equivalent experience)
3+ years of meaningful experience
Demonstrated experience in security analysis of complex systems and developing/deploying tooling
Demonstrated knowledge of current state of the art in attacker trends and defensive methodology
Exhibit a hands-on technical background. Excellent C programming and low-level driver experience
Knowledge with operating systems and computer system architecture, microprocessor, and microcontroller fundamentals (caches, buses, memory controllers, DMA, etc.)
Strong, working knowledge of cryptography and its applications
Working knowledge of RISCV
Experience with system reverse engineering and exploitation
Background with formal languages such as Ada SPARK
Experience with secure code quality practices and tooling to support quick engagements and rapid analysis - static analysis tools (Coverity, Checkmarx , or similar), dynamic scanning (Rapid 7, AppSider , or similar), Fuzzing (AFL, Peach, or similar) and code coverage (Bullseye, LDRA, etc.)
Understanding of secure software development lifecycles best practices, e.g. threat modeling, unit testing, incident response, etc.
Proven skills in working in large geographically distributed teams
NVIDIA is widely considered to be one of the technology world’s most desirable employers. We have some of the most forward-thinking and hardworking people on the planet working for us. If you're creative, passionate and self-motivated, we want to hear from you! NVIDIA is leading the way in groundbreaking developments in Artificial Intelligence, High-Performance Computing and Visualization. The GPU, our invention, serves as the visual cortex of modern computers and is at the heart of our products and services.
NVIDIA is committed to fostering a diverse work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression , sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.