AI and Information Security Researcher

RAND Corporation

RAND is a nonprofit institution that helps improve policy and decision-making through research and analysis. RAND focuses on the issues that matter most such as health, education, national security, international affairs, and the environment.

RAND's Meselson Center, part of the Global and Emerging Risks (GER) division, is seeking mission-driven cybersecurity experts to address critical challenges at the intersection of AI, information security, and national security. As an AI and Information Security Researcher, you'll manage and lead projects that directly impact AI and cybersecurity policy at the highest levels of government and industry, contributing to the security and integrity of powerful AI systems.

Your work will address key questions related to securing AI systems, understanding their cyber capabilities, and examining their policy implications. You will be responsible for significant research budgets and personnel, leading complex projects that span technical research, policy analysis, and infrastructure development.

RAND's reputation for excellence is built on our commitment to high-quality, rigorous analysis and objectivity. In this role, you will apply quantitative and qualitative skills to rigorously analyze AI security problems of national and international importance. Leading multidisciplinary teams of policy researchers, engineers, and scientists, you’ll shape recommendations for the White House, multiple regulatory agencies, the intelligence community, other national governments, and industry.

You will communicate the results of your work to both technical and non-technical audiences through quick-turnaround policy briefs and detailed written research products.

This role offers a unique opportunity to drive key policy decisions, ensuring the responsible development and deployment of powerful AI technologies.

Qualifications
All research positions at RAND require excellent analytic skills; the ability to communicate clearly and effectively, both orally and in writing; the ability to work effectively as a member of a multi-disciplinary team; and a strong commitment to RAND's core values of quality and objectivity. All applicants are expected to have evidence of strong skills in the technical aspects of information security. Successful applicants will also have research experience applying these skills in government, industry, and/or academia.

Applicants with more than 10 years of experience will also be required to have the ability to mentor and develop junior staff members, lead and direct multi-disciplinary teams, set project standards and monitor progress, engage with sponsors, and communicate interim and results to the RAND community and to policy-making audiences.

Successful applicants will have demonstrated technical or methodological skills, and/or domain knowledge in AI and Information Security. Examples of relevant qualifications may include one or more of the following:

1. 6+ years of technical experience in security engineering, software engineering, firmware engineering, hardware engineering, or related fields
2. 2+ years of management experience, including leading cross-functional teams, managing project budgets, and mentoring and developing team members
3. Demonstrated ability to lead complex projects to completion
4. Proficiency in Python, Java, C/C++, or other popular programming languages
5. Ability to develop rigorous and comprehensive threat models and identify potential system vulnerabilities
6. Strong ability to communicate effectively in English, both verbally and in writing
7. Ability to reason about policy options given different technical considerations
8. Graduate of the Computer Network Operations Development Program (CNODP), Remote Interactive Operator Training (RIOT), Future Operator Readiness Growth and Enrichment (FORGE), or equivalent experience
9. Experience with reverse engineering, red team operations, or offensive cyber capabilities development
10. Understanding of advanced persistent threat (APT) tactics, techniques, and procedures (TTPs) and experience with defending against them
11. Ability to think creatively about offensive and/or defensive techniques and strategies, beyond compliance with existing regulations
12. Familiarity with U.S. cybersecurity agencies, authorities, and policy development processes
13. Experience working in or with government on cybersecurity policy
14. Experience with advising non-technical stakeholders on security topics
15. Familiarity with the AI/ML hardware stack (e.g. GPUs, TPUs, data center design)
16. Familiarity with the AI/ML software stack (e.g. CUDA, PyTorch, TensorFlow, Ray)
17. Experience working on AI research, ML model training, or model deployment
18. Experience with securing AI systems

Experience
All applicants must have documented research experience specific to technical policy research, either as part of academic activities (e.g. dissertation) or professional experience.

Education Requirements
A Ph.D. in engineering, operations research, applied mathematics, physical sciences, or related fields is preferred. A master’s degree with at least 5 years of relevant professional experience, or a bachelor’s degree with at least 10 years of relevant professional experience, is required. This relevant professional experience should demonstrate the applicant’s ability to design, execute and disseminate results of research using analytically rigorous methods.

Security Clearance
Ability to obtain and maintain a U.S. government clearance is preferred but not required.

Location
We are actively hiring for this position in San Francisco, CA, as well as our RAND offices in Washington, DC; Santa Monica, CA; Pittsburgh, PA; and Boston, MA. We offer a hybrid work arrangement, combining work from home and on-site options. Fully remote work will also be considered.

Writing Sample
A writing sample is required for this position. This sample can use a recent, previously written paper or technical report (e.g., journal article, master’s thesis or paper written for coursework, research project, technical analysis, briefings). Applicants with work experience in which they have not produced written products (e.g., ML model development), or in which written products have dissemination restrictions, may submit a short, written summary (i.e., less than one page) of recent products they have developed.

Term
This position is a 2-year term position with the possibility of renewal for an additional year alongside options for longer term employment. RAND can provide visa and relocation support for this role.

Salary Range: $100,000 - $262,500
Technical Policy Researcher, Associate = $100,000 - $154,200
Technical Policy Researcher, Full = $115,400 - $190,000
Technical Policy Researcher, Senior = $152,700 - $262,500

RAND considers a variety of factors when formulating an offer, including but not limited to, the specific role and associated responsibilities; a candidate’s work experience, education/training, skills, expertise; and internal equity. Successful candidates will be offered employment as an Associate, Full, or Senior researcher in a specific title, as determined by the candidate's education and experience. The salary range includes base pay plus RAND’s sabbatic pay (which provides additional compensation above base pay when vacation is taken). In addition, RAND provides strong benefits including health insurance coverage, life and disability insurance, savings plan, paid time-off and more.

Equal Opportunity Employer: race/color/religion/sex/sexual orientation/gender identity/national origin/disability/vet.

#J-18808-Ljbffr