Nvidia Offensive Security Researcher 

United States, Texas 

225745428

What you’ll be doing:

• Core job duties will identify vulnerabilities in our embedded firmware and critical system software, building proof of concepts, and collaborating with development teams to remediate them.

• Candidates will invest in improving current tools and offensive practices for bug discovery and evaluation while supporting remediation efforts. We expect team members to exercise modern tools for modeling new attack vectors on unreleased and emerging technology platforms.

• The most impactful candidates can simulate real attacker behaviors, break systems by exploiting design assumption and effectively communicate their findings for action. Focus will be to increase resilience of the end products against all forms of attack through close collaboration with extended SW and HW offensive security teams.

• Products targets span HPC data centers, consumer electronics, autonomous platforms, AI/cloud solutions, and a variety of embedded/IOT platforms providing a rich and complex target space to exercise your skills.

What we need to see:

• We'd like to see proven experience and offensive security research (CVE’s, publications, patents, tools) with responsible disclosure practices.

• Strong skills in reverse engineering and automation (IDA, Ghidra), fuzzing (AFL, WinAFL, Syzcaller) and exploitation (ROP, memory corruption) are important to success; as well as understanding of modern embedded cryptography and common security issues.

• Experience with ARM / X86/RISCV assembly (include shellcode development) and low-level C programming paired with understanding and experience with micro-architectural attacks (side channels, fault injection, etc) is critical.

• Demonstrated skill for secure code reviews of complex source projects, and exposure to code quality practices (SDL, threat modeling) that support development goals.

• Candidates should be comfortable working collaboratively and remotely with others to accomplish complex team goals, enabling delivery of outstanding security for our products.

• BS/BA degree or equivalent experience

• 8+ years in a security related field

Ways to stand out from the crowd:

• Navigating complex platform concerns and ability to analyze composed systems to identify high risk components and established testing targets and objectives.

• Practical skills using Hex-Rays IDA Pro and plugin/loaders development (or similar experience with Ghidra) is valuable as well as experience with enclave models such as ARM TEE, Intel SGX/TDX, AMD SEV-SNP and other isolation technologies.

• Development and integration of AI tooling and skills to accelerate and improve activities and or experience with offensive actions targeting AI models (LLM or other) components within those platforms.

• Experience using any of the common binary instrumentation frameworks and/or working with LLVM IR and Clang plugins, or fuzzing to aid at scale analysis.