AI and Information Security Researcher

Company: RAND Corporation
Location: Washington
Posted on: November 16, 2024

Job Description:

Job Type: Term (Fixed Term)OverviewRAND's Meselson Center, part of the Global and Emerging Risks (GER) division, is seeking mission-driven cybersecurity experts to address critical challenges at the intersection of AI, information security, and national security. As an AI and Information Security Researcher, you'll manage and lead projects that directly impact AI and cybersecurity policy at the highest levels of government and industry, contributing to the security and integrity of powerful AI systems.Your work will address key questions related to securing AI systems, understanding their cyber capabilities, and examining their policy implications. You will be responsible for significant research budgets and personnel, leading complex projects that span technical research, policy analysis, and infrastructure development. For example, you might lead projects to develop AI-specific threat models, build software tools for AI cyber capability evaluations, or identify critical areas for new security R&D.RAND's reputation for excellence is built on our commitment to high-quality, rigorous analysis and objectivity. In this role, you will apply quantitative and qualitative skills to rigorously analyze AI security problems of national and international importance. Leading multidisciplinary teams of policy researchers, engineers, and scientists, you'll shape recommendations for the White House, multiple regulatory agencies, the intelligence community, other national governments, and industry.You will communicate the results of your work to both technical and non-technical audiences through quick-turnaround policy briefs and detailed written research products. A recent example of one of our research products is the Securing AI Model Weights report, which explored protecting frontier AI models from theft and misuse.This role offers a unique opportunity to drive key policy decisions, ensuring the responsible development and deployment of powerful AI technologies.QualificationsAll research positions at RAND require excellent analytic skills; the ability to communicate clearly and effectively, both orally and in writing; the ability to work effectively as a member of a multi-disciplinary team; and a strong commitment to RAND's core values of quality and objectivity. All applicants are expected to have evidence of strong skills in the technical aspects of information security. Successful applicants will also have research experience applying these skills in government, industry, and/or academia.Applicants with more than 10 years of experience will also be required to have the ability to mentor and develop junior staff members, lead and direct multi-disciplinary teams, set project standards and monitor progress, engage with sponsors, and communicate interim and results to the RAND community and to policy-making audience.Successful applicants will have demonstrated technical or methodological skills, and/or domain knowledge in AI and Information Security. Examples of relevant qualifications may include one or more of the following:Preferred:* 6+ years of technical experience in security engineering, software engineering, firmware engineering, hardware engineering, or related fields* 2+ years of management experience, including leading cross-functional teams, managing project budgets, and mentoring and developing team members* Demonstrated ability to lead complex projects to completion* Proficiency in Python, Java, C/C++, or other popular programming languages* Ability to develop rigorous and comprehensive threat models and identify potential system vulnerabilities* Strong ability to communicate effectively in English, both verbally and in writing* Ability to reason about policy options given different technical considerations* Graduate of the Computer Network Operations Development Program (CNODP), Remote Interactive Operator Training (RIOT), Future Operator Readiness Growth and Enrichment (FORGE), or equivalent experience* Experience with reverse engineering, red team operations, or offensive cyber capabilities development* Understanding of advanced persistent threat (APT) tactics, techniques, and procedures (TTPs) and experience with defending against them* Ability to think creatively about offensive and/or defensive techniques and strategies, beyond compliance with existing regulations* Familiarity with U.S. cybersecurity agencies, authorities, and policy development processes* Experience working in or with government on cybersecurity policy* Experience with advising non-technical stakeholders on security topics* Familiarity with the AI/ML hardware stack (e.g. GPUs, TPUs, data center design)* Familiarity with the AI/ML software stack (e.g. CUDA, PyTorch, TensorFlow, Ray)* Experience working on AI research, ML model training, or model deployment* Experience with securing AI systemsExperienceAll applicants must have documented research experience specific to technical policy research, either as part of academic activities (e.g. dissertation) or professional experience.Education RequirementsA Ph.D. in engineering, operations research, applied mathematics, physical sciences, or related fields is preferred. A master's degree with at least 5 years of relevant professional experience, or a bachelor's degree with at least 10 years of relevant professional experience, is required. This relevant professional experience should demonstrate the applicant's ability to design, execute and disseminate results of research using analytically rigorous methods.Security ClearanceAbility to obtain and maintain a U.S. government clearance is preferred but not required.LocationWe are actively hiring for this position in San Francisco, CA, as well as our RAND offices in Washington, DC; Santa Monica, CA; Pittsburgh, PA; and Boston, MA. We offer a hybrid work arrangement, combining work from home and on-site options. Fully remote work will also be considered.Writing SampleA writing sample is required for this position. This sample can use a recent, previously written paper or technical report (e.g., journal article, master's thesis or paper written for coursework, research project, technical analysis, briefings). Applicants with work experience in which they have not produced written products (e.g., ML model development), or in which written products have dissemination restrictions, may submit a short, written summary (i.e., less than one page) of recent products they have developed.TermThis position is a 2-year term position with the possibility of renewal for an additional year alongside options for longer term employment. RAND can provide visa and relocation support for this role.Salary Range: $100,000 - $262,500Technical Policy Researcher, Associate = $100,000 - $154,200Technical Policy Researcher, Full = $115,400 - $190,000Technical Policy Researcher, Senior = $152,700 - $262,500RAND considers a variety of factors when formulating an offer, including but not limited to, the specific role and associated responsibilities; a candidate's work experience, education/training, skills, expertise; and internal equity.Successful candidates will be offered employment as an Associate, Full, or Senior researcher in a specific title, as determined by the candidate's education and experience. The salary range includes base pay plus RAND's sabbatic pay (which provides additional compensation above base pay when vacation is taken). In addition, RAND provides strong benefits including health insurance coverage, life and disability insurance, savings plan, paid time-off and more.Equal Opportunity Employer: race/color/religion/sex/sexual orientation/gender identity/national origin/disability/vet

Keywords: RAND Corporation, Potomac , AI and Information Security Researcher, Other , Washington, Maryland