NVIDIA's Vulnerability Operations team needs a Penetration Tester to schedule, prioritize, and conduct assessments while establishing and maintaining friendships with internal customers. As a part of Product Security, we see all types of technology across NVIDIA that need to be assessed with gentle understanding and love. Web apps are the least of our concerns on the Vulnerability Operations team! How exciting is an opportunity to learn how to attack weird stuff? We like to think very exciting. An ideal candidate is a Pentest Consultant who enjoys being a consultant and has the ability to both talk and implement.
What you’ll be doing:
Conduct open box penetration testing assessments on a variety of products, including web applications, cloud, APIs, and automation pipelines
Make friends with product owners to scope and schedule assessments, often with another operator, but sometimes our engagements are self-directed
Prioritize assessments based on a number of factors: critical stuff goes first, and customers need to understand why they didn't make the list this month and what we can do to help
Communicate the Pentest team's assessment bandwidth and timeline to customers: visually, verbally, on recurring comms, or something else. It's up to you!
Table Top Exercises to generate nightmare scenarios with customers: freeform threat modeling where we cut right to the heart of what scares them about their product, and our recommendations on how to fix it
What we need to see:
A Bachelor's Degree or equivalent experience.
5+ years of adversarial experience at a company or organization. Show us a history of bugs or exploits.
Proven interpersonal skills, specifically, trustworthy speaking (there are tricks to learning interpersonal skills - don’t let this worry you)
Growth Mindset where every single day brings opportunities to tackle new problems.
Helpful demeanor. We are trusted adversaries and that trust needs to remain strong
Automation skills or experience with Kubernetes, Terraform, or other automation tools
Ways to stand out from the crowd:
Burp Suite Mastery or Red Team Experience as an operator
Offensive Security focused research; being published is a bonus, and CVEs are a bonus
Validated passion projects or engaging personal projects on Git, security conference speaking, blog posts, or presentations
Certs: OSWE or similar
The base salary range is 132,000 USD - 258,750 USD. Your base salary will be determined based on your location, experience, and the pay of employees in similar positions.
You will also be eligible for equity and benefits. NVIDIA accepts applications on an ongoing basis.
NVIDIA is committed to fostering a diverse work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.