Nvidia Senior Firmware Security Engineer 

United States, California 

841697352

time type

Full time

posted on

Posted Yesterday

job requisition id

in the datacenter. We want your help to build an industry leading security posture for a security criticalacross all these products.

be doing:

• Design, develop, test, debug, and optimize GPU firmware throughout the entire GPU lifecycle

• Continuously evaluate and improve the security posture of firmware and hardware that form the root of trust for our products

• Improve team software process and core infrastructure by enhancing build systems, regression farms, and security test infrastructure

• Participate in in-depth security reviews of software, hardware, process, and infrastructure

• Facilitate security requirements and solutions by participating inindustry standards such as NIST, Open Compute Project, DMTF etc., and aligning with key customers and partners

• Collaborate with NVIDIA’s and third-party vendors’ hardware and software teams to improve security across hardware, BootROMs, and software stacks

• Work within a larger virtual security team on other parts of the GPU stack, as necessary

What we need to see:

• BS or MS degree in EE/CS/CE (or equivalent experience)

• 6+ years’ experience in developing device BIOS, firmware, or other low-level software

• 4+ years’ experience in building secure firmware and working with hardware security components

• Strong C skills

• Secure software fundamentals including cryptography,authentication/attestation,chains of trust, and understanding of common SW securityvulnerabilities

• Easy to work with, as you’ll constantly work closely with both hardware designers and other software engineers to design, develop, and debug functional (and non-functional!) aspects of GPU subsystems

Ways to stand out from the crowd:

• Experience with threat modeling, formal design analysis, hardware/firmware architecture, and other demonstrable security experience in a defensive security focused role.

• Background with secure development techniques such as attack-trees, static/dynamic analysis, fuzzing, and negative testing

• Experience developing for safety critical platforms

• Experience with formal verification

• Passion for your work