AI and Information Security Analyst

Job Type:

RAND's Meselson Center, part of the Global and Emerging Risks (GER) division, is seeking mission-driven cybersecurity experts to address critical challenges at the intersection of AI, information security, and national security. As an AI and Information Security Analyst, you'll directly impact AI and cybersecurity policy at the highest levels of government and industry, contributing to the security and integrity of powerful AI systems.

Your work will address key questions related to securing AI systems, understanding their cyber capabilities, and examining their policy implications. Your work will span technical research, policy analysis, and infrastructure development. For example, you might develop AI-specific threat models, build software tools for AI cyber capability evaluations, or identify critical areas for new security R&D.

RAND's reputation for excellence is built on our commitment to high-quality, rigorous analysis and objectivity. In this role, you will apply quantitative and qualitative skills to rigorously analyze AI security problems of national and international importance. Working with multidisciplinary teams of policy researchers, engineers, and scientists, you’ll shape recommendations for the White House, multiple regulatory agencies, the intelligence community, other national governments, and industry.

You will communicate the results of your work to both technical and non-technical audiences through quick-turnaround policy briefs and detailed written research products. A recent example of one of our research products is the Securing AI Model Weights report, which explored protecting frontier AI models from theft and misuse.

This role offers a unique opportunity to drive key policy decisions, ensuring the responsible development and deployment of powerful AI technologies.

Responsibilities:
AI & Information Security Analysts will use their technical skills and experience in AI, machine learning, data science, information security, and computer science to:
•    Develop AI-specific threat models and recommendations for risk mitigation
•    Execute evaluations and red-teaming exercises
•    Contribute to the development of research approaches that answer complex questions at the intersection of AI, information security, and policy
•    Apply a broad range of analytically rigorous, quantitative and/or qualitative research methods
•    Create tooling and software to support the above efforts
•    Translate and communicate results to varied audiences ranging from security professionals to public policy makers at all levels through written products and oral presentations

Qualifications
All analyst positions at RAND require excellent analytic skills; the ability to communicate clearly and effectively in English, both orally and in writing; the ability to work effectively as a member of a multi-disciplinary team; and a strong commitment to RAND's core values of quality and objectivity.

Successful applicants will be able to present strong evidence of quantitative and/or qualitative research tools, methods, and technical skills to support large and complex projects; accomplishment with leading or managing large and complex project tasks or analytic tasks; contributions to written research projects, technical reports, and briefings; and training and technical supervision to less experienced staff.

Required:
•    2+ years of technical experience in security engineering, software engineering, firmware engineering, hardware engineering, or related fields
•    Proficiency in Python, Java, C/C++, or other popular programming languages
•    Ability to develop rigorous and comprehensive threat models and identify potential system vulnerabilities
•    Strong ability to communicate effectively in English, both verbally and in writing
•    Ability to work effectively as a member of a multi-disciplinary team
•    Ability to reason about policy options given different technical considerations

Preferred:
•    Graduate of the Computer Network Operations Development Program (CNODP), Remote Interactive Operator Training (RIOT), Future Operator Readiness Growth and Enrichment (FORGE), or equivalent experience
•    Experience with reverse engineering, red team operations, or offensive cyber capabilities development
•    Understanding of advanced persistent threat (APT) tactics, techniques, and procedures (TTPs) and experience with defending against them
•    Ability to think creatively about offensive and/or defensive techniques and strategies, beyond compliance with existing regulations
•    Familiarity with U.S. cybersecurity agencies, authorities, and policy development processes
•    Experience working in or with government on cybersecurity policy
•    Experience with advising non-technical stakeholders on security topics
•    Familiarity with the AI/ML hardware stack (e.g. GPUs, TPUs, data center design)
•    Familiarity with the AI/ML software stack (e.g. CUDA, PyTorch, TensorFlow, Ray)
•    Experience working on AI research, ML model training, or model deployment
•    Experience with securing AI systems

Education Requirements
A master’s degree in Computer Science, Computer Engineering, Electrical Engineering, Cybersecurity, Information Security, Information Technology, Mathematics, Applied Mathematics, Physics, Applied Physics, Engineering Physics, Artificial Intelligence, Machine Learning, Engineering and Public Policy, Technology and Policy, National Security Policy, Policy Analysis, Political Science, International Relations, or similar is required.

Or

A bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Cybersecurity, Information Security, Information Technology, Mathematics, Applied Mathematics, Physics, Applied Physics, Engineering Physics, or similar with at least 10 years of relevant professional experience, is required.  Relevant professional experience to meet these requirements should demonstrate the applicant’s ability to execute analytically rigorous methods related to information security.

Security Clearance
Ability to obtain and maintain a U.S. government clearance is preferred but not required.

Location
We are actively hiring for this position in San Francisco, CA, as well as our RAND offices in Washington, DC; Santa Monica, CA; Pittsburgh, PA; and Boston, MA. We offer a hybrid work arrangement, combining work from home and on-site options. Fully remote work will also be considered.

Writing Sample
A writing sample is required for this position. This sample can use a recent, previously written paper or technical report (e.g., journal article, master’s thesis or paper written for coursework, research project, technical analysis, briefings).

Applicants with work experience in which they have not produced written products (e.g., ML model development), or in which written products have dissemination restrictions, may submit a short, written summary (i.e., less than one page) of recent products they have developed.

Term
This position is a 2-year term position with the possibility of renewal for an additional year alongside options for longer term employment. RAND's ability to provide visa and relocation support for this role will be considered.

Salary Range: $52,000 - $192,100
Analyst I: $52,000 - $71,500
Analyst II: $62,400 - $85,800
Analyst III: $88,000 - $121,000
Analyst IV: $99,200 - $143,900
Analyst V: $125,900 - $192,100

Hiring ranges for Technical Analysts are slightly higher than the ranges shown.

RAND considers a variety of factors when formulating an offer, including but not limited to, the specific role and associated responsibilities; a candidate’s work experience, education/training, skills, expertise; and internal equity. Successful candidates will be offered employment in a specific title, as determined by the candidate's education and experience. The salary range includes base pay plus RAND’s sabbatic pay (which provides additional compensation above base pay when vacation is taken). In addition, RAND provides strong benefits including health insurance coverage, life and disability insurance, savings plan, paid time-off and more.
 

Equal Opportunity Employer: race/color/religion/sex/sexual orientation/gender identity/national origin/disability/vet