Senior Technical Program Manager, Security Incident Response

NVIDIA’s Product Security Incident Response Team (PSIRT) is looking for a passionate and innovative Technical Program Manager  (TPM) to help us elevate our program to the next level. The TPM’s main focus will be vulnerability management/remediation in NVIDIA’s products and participate in incident response activities. The ideal candidate will improve NVIDIA’s internal software security response procedures, prioritize both public and internal vulnerability remediation, and collaborate with engineering teams to handle the end-to-end resolution of issues. Products can include GPUs, cloud software, AI/ML, enterprise servers, automotive components, embedded devices, and many others. Expertise in these areas is not required, but flexibility and a wide comprehension of device usage and requirements is desirable.

As an NVIDIAN, you will be immersed in a diverse, supportive environment where everyone is encouraged to do their life’s work. Come join the team and see how you can make a lasting impact on the world!

What you’ll be doing:

• Craft and implement PSIRT processes and program improvements to elevate NVIDIA’s vulnerability handling and incident response capabilities.

• Handle the receipt, resolution, and disclosure of security vulnerabilities across NVIDIA product lines.

• Engage directly with virtual security teams, engineering partners, and internal support teams to drive issues to long-term resolution

• Communicate status of PSIRT involvement at all levels of management, both internal and external

• Draft publications for the security vulnerability disclosures as well as lower-severity security-impacting defects

• Champion continuous improvement efforts related to security activities across NVIDIA

• Engage with the broader industry security community and stay at the forefront of industry security trends and requirements

What we need to see:

• Quickly scale knowledge while being mentored by leaders

• Ability to understand technical issues at a high level on a wide range of topics

• Leadership skills to step up and identify resolutions that are best for NVIDIA and its customers, even if that means going beyond the initial ask

• Effective written and verbal communication regardless of audience or issue complexity

• Ability to work cross-functionally and remotely with other teams to accomplish sophisticated goals

• Experience with some of the following standards or processes: CVSS, CWE, SDLC, SBOM, VEX, CSAF, threat modeling

• Knowledge of industry practices for responsible disclosure of security threats and product vulnerabilities

• BS/BA degree or equivalent experience

• 5+ years in a Program or Project Management field

• 8+ years of relevant security experience

Ways to stand out from the crowd:

• Proven experience driving customer-facing issues (security preferred) effectively and efficiently

• Experience in a previous PSIRT, security development lifecycle (SDL), or bug bounty management role

• Understanding of software release processes, e.g. Agile, Unit Testing, etc.

• Ability to write SQL scripts, experience with REST APIs, or build reporting dashboards

The base salary range is 156,000 USD - 299,000 USD. Your base salary will be determined based on your location, experience, and the pay of employees in similar positions.

You will also be eligible for equity and benefits. NVIDIA accepts applications on an ongoing basis.

NVIDIA is committed to fostering a diverse work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.