NVIDIA is looking for a Sr. Technical Manager to handle the day-to-day management of the PSIRT and security incidents in its products.
Nvidia's invention of the GPU 1999 sparked the growth of the PC gaming market, redefined modern computer graphics, and revolutionized parallel computing. More recently, GPU deep learning ignited modern AI — the next era of computing — with the GPU acting as the brain of computers, robots, and self-driving cars that can perceive and understand the world. Today, we are increasingly known as "the AI computing company". We are looking to grow our company, and grow with the smartest people in the world.
You will enhance NVIDIA's internal software security response procedures, prioritize both public and internal security incidents, and collaborate resources between teams to manage and be responsible for the end-to-end resolution of issues. Products can include GPUs, automotive components, and embedded devices; expertise in these areas is not required, but flexibility and a wide comprehension of device usage and requirements is desirable.
What you'll be doing:
- You will manage a direct and extended team of security professionals focused on the management of reported vulnerabilities and corrective actions in the lifecycle to reduce further occurrences.
- Design and execute processes to manage NVIDIA's vulnerability handling capabilities:
- Identify the best tools and practices for isolation of threats and management of resolution
- You recommend and implement improvements to processes, tools, and related practices to reduce recurrence of issues.
- Document, and maintain process flows to ensure consistency in practices and execution across NVIDIA's business units
- Lead the receipt, resolution and disclosure of security vulnerabilities across product lines:
- You own and manage inbound reports of security vulnerabilities,
- Engage directly with partners and internal support teams to drive issues to long-term resolution,
- Identify resources for conducting root cause analysis of vulnerabilities
- You help to shape NVIDIA's Security Culture:
- Research, review and recommend training opportunities to expand PSIRT knowledge to related teams
- Communicate status of PSIRT involvement at all levels of management, both internal and external
- Engage external teams such as PR, Legal, etc. as required
- Draft publications for the disclosure of security vulnerabilities as well as lower-severity security-impacting defects
- Foster continuous improvement efforts related to security activities
What we need to see:
- In-depth understanding of the bug resolution process
- Demonstrated security experience in a vulnerability management, forensic, or offensive security focused role.
- Knowledge of industry practices for responsible disclosure of security threats and product vulnerabilities
- Effective written and verbal communication regardless of audience or issue complexity
- Ability to work collaboratively and remotely with others to accomplish complex goals
- Requires BS/BA degree or equivalent industry experience and 12+ years in the Software development or Security related field with 5+ years of team management experience
Ways to stand out from the crowd:
- Understanding of software release processes, e.g. Agile, Unit Testing, Fuzzing, etc.
- Shown experience dealing with raised, customer-facing issues (security preferred) effectively and efficiently