Cybercriminal activities are supported by a vast ecosystem of online communities provisioning the technical and non-technical capabilities needed to generate and deliver cyber-attacks at scale. These communities are historically forum-based, and are known to differ substantially in the type and quality of criminal technology they support. Crucially, threat intelligence used to detect and counter cyber-attacks worldwide relies in sizeable part on the quality and timeliness of threat information gathered from these communities.
On the other hand, the advent of decentralized, easy-to-access messaging platforms such as Telegram and Discord is creating a divide between traditional forum-based 'criminal convergence spaces' and new venues for (wanna-be) criminals to meet and exchange information and technology. The forces driving this shift are currently neither understood nor tracked by the scientific community.
This PhD position is focused on characterizing the evolution of underground cyber-criminal convergence spaces in terms of their shift and balances across different channels and venues. Of particular focus will be the investigation of forum and Telegram-based communities, with the goal of identifying specific communities where novel, credible cyber-threats are made available to (a restricted selection of) members of the cybercriminal community. To address this question, the PhD candidate will be tasked with identifying and infiltrating emergent cybercriminal communities, and covertly analysing their evolution and member activity. Of essential importance will be the development of an extensive measurement infrastructure to monitor identified channels, as well as the ability to run qualitative, subject-based studies (e.g. interviews) with members of said communities to understand motivations and rationales for community participation.
This research is conducted within the Threat Analysis group of the SECurity cluster of TU Eindhoven, the Netherlands, and in collaboration with the Netherlands Center for the Study of Crime and Law Enforcement (NSCR). The TU/e Threat Analysis group is uniquely equipped to support this research, providing multi-year experience and access to prominent criminal markets, and years-long experience on economic and engineering aspects of cyber-attacks. The group also provides direct access to the ESH-SOC (Eindhoven Security Hub Security Operation Center), an operative environment collecting threat data from third-party IT infrastructures to provide information and an experimentation environment for the detection and investigation of incoming threats.
This position offers a unique opportunity to conduct truly multi-disciplinary research with a variety of quantitative and qualitative methods in the field of cybersecurity, offering a vertical view on attackers from a privileged observation viewpoint.
This position is part of the NWO/NWA INTERSECT project, Grant Number NWA.1160.18.301. More information on the project is available here: https://intersct.nl/.