Offensive Security Researcher

NVIDIA, Austin, CA
13d

About The Position

NVIDIA is looking for security researchers passionate about offensive research across different platforms. Do you have experience identifying hardware and software vulnerabilities, developing PoCs, and building tools for automation in vulnerability research? Are you creative and devious in your offensive approach? We want to hear from you! You should demonstrate the ability to excel in an environment with innovative and fast-paced development on the world's most powerful integrated software and hardware computing platform.

What you'll be doing: Core job duties include identifying vulnerabilities in our embedded firmware and critical system software, building proofs of concept, and collaborating with development teams to remediate them. Candidates will invest in improving current tools and offensive practices for bug discovery and evaluation while supporting remediation efforts. We expect team members to exercise modern tools for modeling new attack vectors on unreleased and emerging technology platforms. The most impactful candidates can simulate real attacker behaviors, break systems by exploiting design assumptions, and effectively communicate their findings for action. The focus will be to increase the resilience of the end products against all forms of attack through close collaboration with extended SW and HW offensive security teams. Product targets span HPC data centers, consumer electronics, autonomous platforms, AI/cloud solutions, and a variety of embedded/IoT platforms, providing a rich and complex target space to exercise your skills.

What we need to see: We'd like to see proven experience in offensive security research (CVEs, publications, patents, tools, bounties) with demonstrated responsible disclosure practices. Strong skills in reverse engineering and automation (IDA, Ghidra), fuzzing (AFL, WinAFL, syzkaller) and exploitation (ROP, memory corruption) are important to success, as is an understanding of modern embedded cryptography and common security issues. Experience with ARM/x86/RISC-V assembly (including shellcode development) and low-level C programming, paired with understanding of and experience with micro-architectural attacks (side channels, fault injection, etc.), is critical. Demonstrated skill for secure code reviews of complex source projects, and exposure to code quality practices (SDL, threat modeling) that support development goals. Candidates should be comfortable working collaboratively and remotely with others to accomplish complex team goals, enabling delivery of outstanding security for our products. BS/BA degree or equivalent experience.

Requirements

  • Proven experience in offensive security research (CVEs, publications, patents, tools, bounties) with demonstrated responsible disclosure practices
  • Strong skills in reverse engineering and automation (IDA, Ghidra), fuzzing (AFL, WinAFL, syzkaller) and exploitation (ROP, memory corruption)
  • Understanding of modern embedded cryptography and common security issues
  • Experience with ARM/x86/RISC-V assembly (including shellcode development) and low-level C programming, paired with understanding of and experience with micro-architectural attacks (side channels, fault injection, etc.), is critical
  • Demonstrated skill for secure code reviews of complex source projects, and exposure to code quality practices (SDL, threat modeling) that support development goals
  • Candidates should be comfortable working collaboratively and remotely with others to accomplish complex team goals, enabling delivery of outstanding security for our products
  • BS/BA degree or equivalent experience
  • 12+ years in a security-related field

Nice To Haves

  • Navigating complex platform concerns and the ability to analyze composed systems to identify high-risk components and establish testing targets and objectives
  • Practical skills using Hex-Rays IDA Pro and plugin/loader development (or similar experience with Ghidra) are valuable
  • Leveraging innovative strategies and AI advancements to accelerate discovery and resolution of security risks
  • Experience with enclave models such as NVIDIA CC, ARM TEE, Intel SGX/TDX, AMD SEV-SNP and other isolation technologies
  • Development and integration of AI tooling and skills to accelerate and improve activities, and/or experience with offensive actions targeting AI model (LLM or other) components within those platforms

Responsibilities

  • Identify vulnerabilities in our embedded firmware and critical system software
  • Build proofs of concept
  • Collaborate with development teams to remediate vulnerabilities
  • Invest in improving current tools and offensive practices for bug discovery and evaluation while supporting remediation efforts
  • Exercise modern tools for modeling new attack vectors on unreleased and emerging technology platforms
  • Simulate real attacker behaviors
  • Break systems by exploiting design assumptions and effectively communicate findings for action
  • Increase resilience of the end products against all forms of attack through close collaboration with extended SW and HW offensive security teams

Benefits

  • equity
  • benefits

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc