Research EngineerResearch Scientist Red Team (Misuse)

About the AI Security Institute

The AI Security Institute is the worlds largest and best-funded team dedicated to understanding advanced AI risks and translating that knowledge into action. Were in the heart of the UK government with direct lines to No. 10 (the Prime Ministers office) and we work with frontier developers and governments globally.

Were here because governments are critical for advanced AI going well and UK AISI is uniquely positioned to mobilise them. With our resources unique agility and international influence this is the best place to shape both AI development and government action.

Team Description

Interventions that secure a system from abuse by bad actors or misaligned AI systems will grow in importance as AI systems become more capable autonomous and integrated into society.

The Misuse Red Team is a specialised sub-team within AISIs wider Red Team. We red-team frontier AI safeguards for dangerous capabilities research novel attack vectors and develop advanced automated attack tooling. We share our findings with frontier AI companies (includingAnthropicOpenAIDeepMind) key UK officials and other governmentstoinform their respective deployment research and policy decision-making.

We have published on several topics includingnovelautomated attackalgorithms(Boundary Point Jailbreaking)poisoning attackssafeguards safety casesdefending finetuning APIsthird-party attacks on agentsagent misuse andpre-training data filtering. Some example impact cases have been advancing the benchmarking of agent misuse identifying novel vulnerabilities and collaborating with frontier labs to mitigate them and producing insights into the feasibility and effectiveness of attacks and defences in data poisoningand fine-tuning APIs.

Role Description

Were looking for research scientists and research engineers for our misuse sub-team with expertise developing and analysing attacks and protections for systems based on large language models or who have broader experience with frontier LLM research and development. An ideal candidate would have a strong track record of performing and publishing novel and impactful research in these or other areas of LLM research. Were looking for:

• Research Scientists whotypically leadtechnical directionpickingthe questions designingthe experiments and owningthe conclusions (typicallyevidencedby a strong publication record).
• Research Engineers whotypically leadexecution building the systems and code that make thoseexperimentspossible at scale and owningreliability speed and reproducibility.

In practice wecan support staffs work spanning or alternating between research and engineering.If you have a preference please specify this in your application.

The team is currently led byEric WinsorandXander Daviesadvised byGeoffrey IrvingandYarin Gal. Youll work with incredible technical staff across AISI including alumni from Anthropic OpenAI DeepMind and top universities. You may also collaborate with external teams from Anthropic OpenAI and Gray Swan.

We are open to hires at junior senior staff and principal research scientist levels.

Representative projects you might work on

• Designing buildingrunningand evaluating methods to automatically attack and evaluate safeguards such as LLM-automated attacking and direct optimisation approaches.

• Building a benchmark for asynchronous monitoring for signs of misuse and jailbreak development across multiple model interactions.

• Investigating novel attacks and defences for data poisoning LLMs with backdoors or other attacker goals.

• Performing adversarial testing of frontier AI system safeguards and producingreports that are impactful and action-guiding for safeguard developers.

Whatwerelooking for

In accordance withtheCivil Service Commissionrules the following listcontainsall selection criteria for the interview process.

The experiences listed below should be interpreted as examples of theexpertisewerelooking for as opposed to a list of everything we expect to find in one applicant:

You may be a good fit if you have:

• Hands-on research experience with large language models (LLMs) - such as training fine-tuning evaluation or safety research.

• A demonstratedtrack recordof peer-reviewed publications in top-tier ML conferences or journals.

• Ability and experience writing clean documented research code for machine learning experiments including experience with ML frameworks likePyTorchor evaluation frameworks like Inspect.

• A sense of mission urgency responsibility for success.

• An ability to bring your own research ideas and work in a self-directed way while also collaborating effectively and prioritizing team efforts over extensive solo work.

Strong candidates may also have:

• Experience working on adversarial robustness other areas of AI security or red teaming against any kind of system.

• Experience working on AI alignment or AI control.

• Extensive experience writing production quality code.

• Desire to and experience with improving our team through mentoring and feedback.

• Experience designing shipping andmaintainingcomplex technical products.

What We Offer

Impact youcouldnthave anywhere else

• Incredibly talented mission-drivenand supportive colleagues.

• Direct influence on how frontier AI is governed and deployed globally.

• Work with the Prime Ministers AI Advisor and leading AI companies.

• Opportunity to shape the first & best-resourced public-interest research team focused on AI security.

Resources & access

• Pre-release access to multiple frontier models and ample compute.

• Extensive operational support so you can focus on research and ship quickly.

• Work with experts across national security policy AIresearchand adjacent sciences.

Growth & autonomy

• Ifyouretalented and drivenyoullown important problems early.

• 5 days offand annual stipends forlearning and development andfunding for conferences and external collaborations.

• Freedom to pursue research bets without product pressure.

• Opportunities to publish and collaborate externally.

Life & family*

• Modern central London office (cafes food court gym)orwhere applicableoptionto work in similar government offices in Birmingham Cardiff Darlington EdinburghSalfordor Bristol.

• Hybrid working flexibility for occasional remote work abroad and stipends for work-from-home equipment.

• At least 25 days annual leave 8 public holidays extra team-widebreaksand 3 days off for volunteering.

• Generous paid parental leave (36 weeks of UK statutory leave shared between parents 3 extra paid weeks option foradditionalunpaid time).

• On top of your salary we contribute 28.97% of your base salary to your pension.

• Discounts and benefits for cycling to work donations and retail/gyms.

*These benefits apply to direct employees. Benefits may differ for individuals joining through other employment arrangements such as secondments.

Salary

Annual salary is benchmarked to role scope and relevant experience. Most offers land between 65000 and 145000 made up of a base salary plus a technical allowance (take-home salary base technical allowance). Anadditional28.97% employer pension contribution is paid on the base salary.

This role sits outside of theDDaT pay frameworkgiven the scope of this role requires in depth technicalexpertisein frontier AI safetyrobustnessand advanced AI architectures.

The full range of salaries are available below:

• Level 3:(Base35720 Technical Allowance)

• Level 4:(Base42495 Technical Allowance)

• Level 5:(Base55805 Technical Allowance)

• Level 6:(Base68770 Technical Allowance)

• Level 7:145000(Base68770 Technical Allowance76230)

Selection process

The interview process may vary candidate tocandidatehowever you should expect a typical process to include some technicalproficiencytests discussions with a cross-section of our team at AISI (including non-technical staff) conversations with your team lead. The process will culminate in a conversation with members of the senior leadership team here at AISI.

Candidates should expect to go throughsome orallofthe following stages once an application has beensubmitted:

• Initial assessment

• Initial screening call

• Research interview

• Technical assessment

• Behavioural interview

• Final interview with members of the senior leadership team

Additional Information