Senior/Principal R&D Digital Systems Security, Hybrid

Sandia National Laboratories is the nation's premier science and engineering lab for national security and technology innovation, with teams of specialists focused on cutting-edge work in a broad array of areas. Some of the main reasons we love our jobs:

• Challenging work with amazing impact that contributes to security, peace, and freedom worldwide
• Extraordinary co-workers
• Some of the best tools, equipment, and research facilities in the world
• Career advancement and enrichment opportunities
• Flexible work arrangements for many positions include 9/80 (work 80 hours every two weeks, with every other Friday off) and 4/10 (work 4 ten-hour days each week) compressed workweeks, part-time work, and telecommuting (a mix of onsite work and working from home)
• Generous vacation, strong medical and other benefits, competitive 401k, learning opportunities, relocation assistance and amenities aimed at creating a solid work/life balance*

World-changing technologies. Life-changing careers. Learn more about Sandia at: http://www.sandia.gov

*These benefits vary by job classification.

Are you passionate about designing and securing high consequence digital systems of national importance? Do you enjoy exploring novel hardware and software security architectures, and applying rigorous formal and experimental techniques to ensure system correctness and resilience? Are you excited about leveraging emerging technologies such as artificial intelligence (AI) to enhance security analysis, verification, and risk discovery?

If so, Sandia is looking for exceptional R&D Digital Systems Security Engineers (job title: R&D Cybersecurity) to join our team. You will work closely with weapon systems teams to design security architectures and recommend effective mitigating strategies. You would engage in research to design, analyze, and validate cyber-relevant operations for mission critical systems and environments alongside multidisciplinary teams. Your expertise will help shape and grow a forward-thinking, collaborative culture that embraces innovation and scales capabilities that support national security objectives. Come join our team and make a national impact.

On any given day, you may be called on to:

• Lead and conduct security assessment, red-teaming exercises and technical evaluations to discover and mitigate vulnerability risk.
• Architect, design, and validate security implementations of digital systems
• Develop workflows that automate cyber risk discovery, generate proof obligations and test artifacts, and support rigorous verification processes to improve trusted and assured operation of systems in relevant mission environments.
• Explore and integrate emerging technologies - including artificial intelligence, design automation tools and analysis frameworks - to enhance security analysis, assured performance, and cyber risk discovery.
• Conduct hands-on experimentation and prototyping using simulation and emulation platforms to validate security concepts.
• Serve as a security and cyber systems subject matter expert for modernization, stockpile, and national security programs
• Contribute to the development and refinement of security policies, standards, and best practices
• Propose and drive new research and development that advance cyber systems hardening.
• Build strong relationships across internal teams, research centers, and external partners including academia and industry to foster collaboration and knowledge sharing.
• Mentor and collaborate across centers to foster a mission-driven culture of innovation, continuous learning, and technical excellence.

The selected applicant can work a combination of onsite and offsite work. The selected applicant must live within a reasonable distance for commuting to the assigned work location when necessary.

Applicants on this requisition may be interviewed by multiple organizations at Sandia National Laboratories.

$139,900 - $280,600

*Salary range is estimated, and actual salary will be determined after consideration of the selected candidate's experience and qualifications, and application of any approved geographic salary differential.

• A Bachelor's degree in a relevant discipline and five (5) years of directly relevant experience, or an equivalent combination of directly relevant education and engineering or scientific experience that demonstrates the knowledge, skills, and ability to perform independent research and development.
• Ability to obtain and maintain a DOE Q-level security clearance.

The ideal R&D S&E Cybersecurity candidate for Sandia National Laboratories will in addition possess the following:

• Graduate degree in Computer Science/Engineering, Electrical Engineering, Computer Information Systems, Computer Forensics, Mathematics or a directly related field where an independent research project was a graduation requirement (e.g., independent project, thesis, or dissertation).
• Experience in one or more of the following: reverse engineering, software vulnerability assessment, web application assessment, computer networking, computer architecture, compilers, or similar computer security topics.
• Proficiency in scripting or high-level programming.
• Familiarity with secure-system design principles and information assurance principles.
• Excellent communication skills and a demonstrated ability to develop technical ideas and results and present them in oral and written form in a concise manner.

Also, for this posting we are seeking individuals with the following experience:

• Experience in one or more of the following: electronic design, hardware development, formal methods, applied cryptography, vulnerability assessment, threat modeling, risk assessment, testing methodologies, hardware/software co-design, and systems security engineering.
• Experience evaluating trade-offs among system complexity, design constraints, and security requirements for mission-critical systems
• Familiarity with secure software and firmware development or hardware/software security architecture, including secure coding practices and embedded system protections.
• Proficiency with hardware description languages and understanding of digital IC product lifecycles (ASIC, FPGA).
• Experience with formal methods and theorem proving tools (e.g. RocQ, Lean) for hardware and software security verification, including cryptographic protocol verification tools
• Experience auditing code in C/C++, Java, Python, Rust, Assembly, or hardware design languages, with an understanding of their security implications.
• Familiarity with hardware/software security verification, electronic design automation tools, embedded architectures, and testing methodologies.
• Experience with experimental security testing techniques such as penetration testing, fuzzing, side-channel analysis, or red teaming.
• Experience or strong interest in applying artificial intelligence, machine learning, or other emerging technologies to enhance security analysis, verification, or risk discovery.
• Hands-on experience with experimental validation, prototyping, or emulation platforms.
• Awareness of current research trends, emerging security tools, and government cyber capabilities relevant to digital systems security.
• Knowledge of security requirements, standards, and assurance frameworks (e.g., NIST, CNSS) and risk management processes.
• Strong foundation in secure-system design principles and information assurance.
• Broad security expertise across hardware, software, and firmware domains.
• Proven track record of conducting research that results in innovative technical solutions.
• Experience leading technical projects or teams in research or operational settings.
• Demonstrated leadership in project management, communication, and effective collaboration within multidisciplinary teams.
• Demonstrated ability to convey complex technical concepts to diverse audiences.
• Demonstrated ability to balance mission priorities with research innovation and execute with discipline and focus.
• Active DOE Q-level security clearance.

The Cyber Systems Hardening department works closely with other teams within the Cyber and Digital Assurance group to identify credible cyber risks in mission systems and develop innovative solutions to harden these systems against cyber threats. Our efforts include supporting hardware-based acceleration and emulation of system-on-chip architectures, conducting technical evaluations for stockpile stewardship, modernization, and national security programs, and creating orchestration platforms that enable effective risk discovery and rigorous verification of cyber requirements. Additionally, we steward cyber-experimentation hardware and capabilities, supporting both civilian and mission-focused cyber demonstrations.

In close partnership, the Cyber Risk & Security department provides specialized digital-system security expertise and analysis for Nuclear Deterrent (ND) system and component design, verification, and assessment. Collaborating with ND programs, they ensure that digital specifications, verification, and reliability considerations are well informed by cyber security risks. Their research focuses on developing digital-security methods and tools for embedded systems in ND applications, while maintaining strong connections with external cybersecurity experts and internal cyber organizations to stay at the forefront of digital security research.

Together, these departments leverage formal and experimental methodologies to validate hardware protections that support ongoing missions and explore novel computing architectures that integrate innovations from multiple centers. By engaging with researchers as adopters, integrators, and innovators, they sustain Sandia's technical leadership in Nuclear Deterrence and broader national security initiatives.

This posting will be open for application submissions for a minimum of three (3) calendar days, including the 'posting date'. Sandia reserves the right to extend the posting date at any time.

Sandia is required by DOE to conduct a pre-employment drug test and background review that includes checks of personal references, credit, law enforcement records, and employment/education verifications. Applicants for employment need to be able to obtain and maintain a DOE Q-level security clearance, which requires U.S. citizenship. If you hold more than one citizenship (i.e., of the U.S. and another country), your ability to obtain a security clearance may be impacted.

Applicants offered employment with Sandia are subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance. Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct or other indicators of untrustworthiness can cause a clearance to be denied or terminated by DOE, resulting in the inability to perform the duties assigned and subsequent termination of employment.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status and any other protected class under state or federal law.

If you have a Medical Portable Electronic Device (MedPED), such as a pacemaker, defibrillator, drug-releasing pump, hearing aids, or diagnostic equipment and other equipment for measuring, monitoring, and recording body functions such as heartbeat and brain waves, if employed by Sandia National Laboratories you may be required to comply with NNSA security requirements for MedPEDs.

If you have a MedPED and you are selected for an on-site interview at Sandia National Laboratories, there may be additional steps necessary to ensure compliance with NNSA security requirements prior to the interview date.