Are you an aspiring computer science researcher interested in what can be done to make our digital world more secure? Then you have a part to play as a PhD candidate. By investigating techniques to design, analyse and test software, you will help us develop new, innovative methods to improve software security.

Cyber security problems have increased dramatically over the past decades. Not a day goes by without a major data leak, some system being hacked, or some organisation being ransomwared. This trend only looks set to continue as our society relies on IT to an ever larger degree. Software is an important root cause of cyber security problems: software is what gives modern IT its flexibility and power, but it also comes with flaws, ranging from simple coding mistakes to fundamental design flaws, which enable cyber criminals to exploit all this power and flexibility to attack individuals and organisations.

Producing more secure software is a major challenge. To address this challenge, our research group investigates ways to analyse, design and test software for security flaws or, better still, prevent security flaws during design and construction. Examples of techniques we have used for this include automated reverse engineering with state machine inference to spot flaws in the program logic, the LangSec (Language-theoretic Security) approach to structurally improve input handling, and security testing by means of fuzzing. Some of these techniques can also be used for offensive purposes, for example in pentesting, but our ultimate objective is to contribute to the defensive side of security by improved software engineering practices. This is not limited to the techniques mentioned above: depending on your own interests, there are other aspects of secure software engineering that could be investigated, for example better management of software supply chain risks using SBOMs and SaasBOMs.

Under the supervision of Dr Erik Poll, you will work on INTERSECT, a larger national research project into the security of the Internet of Things (IoT). INTERSECT is funded by the Dutch Research Council (grant NWA.1160.18.301). It involves six universities and over 20 organisations from the public and private sectors, including security evaluation companies, IT vendors, and some government and non-profit organisations. So you will have the chance to collaborate with researchers from a range of backgrounds.

You will spend roughly 10 percent of your time on assisting with the teaching in our department. This will typically include tutoring practical assignments, grading coursework, and supervising student projects.

• You should hold a Master's degree in Computer Science.
• You have a strong interest in cybersecurity and software engineering and are keen to learn more about their interaction. Experience with pentesting - or more generally the offensive side of security - is a plus, but you should also be interested in the constructive, software engineering side of security.
• You possess good critical thinking and analytical skills.
• You are fluent in verbal and written English and have good communication, presentation and writing skills.
• You value innovation, technical rigour and teamwork.

Fixed-term contract: 1,5 years, after which your performance will be evaluated. If the evaluation is positive, your contract will be extended by 2.5 years (4-year contract) or 3.5 years (5-year contract).

• We will give you a temporary employment contract (0.8 FTE 5- year contract - 1.0 FTE 4- year contract) of 1,5 years, after which your performance will be evaluated. If the evaluation is positive, your contract will be extended by 2.5 years (4-year contract) or 3.5 years (5-year contract).
• You will receive a starting salary of €2,770 gross per month based on a 38-hour working week, which will increase to €3,539 from the fourth year onwards (salary scale P).
• You will receive an 8% holiday allowance and an 8,3% end-of-year bonus.
• You will be able to use our Dual Career and Family Support Service. The Dual Career Programme assists your partner via support, tools, and resources to improve their chances of independently finding employment in the Netherlands. Our Family Support Service helps you and your partner feel welcome and at home by providing customised assistance in navigating local facilities, schools, and amenities. Also take a look at our support for international staff page to discover all our services for international employees.
• You will receive extra days off. With full-time employment, you can choose between 30 or 41 days of annual leave instead of the statutory 20.

Work and science require good employment practices. This is reflected in Radboud University's primary and secondary employment conditions. You can make arrangements for the best possible work-life balance with flexible working hours, various leave arrangements and working from home. You are also able to compose part of your employment conditions yourself, for example, exchange income for extra leave days and receive a reimbursement for your sports subscription. And of course, we offer a good pension plan. You are given plenty of room and responsibility to develop your talents and realise your ambitions. Therefore, we provide various training and development schemes.

You will be a member of the Digital Security group working with Dr Erik Poll and fellow PhD candidates. The Digital Security group is one the largest security research groups in the Netherlands with researchers in the group working on a range of topics in cryptography, privacy and cyber security. Tackling the societal challenges of security and privacy goes beyond just the technical field of computer science. Therefore, some of our group’s research is carried out as part of the Radboud iHUB, our university’s interdisciplinary research hub on digitalisation and society.

You can apply no later than 19 May only via the button below. Address your letter of application to dr. ir. Erik Poll.

The first interviews will take place on 27 May. Any second interview will take place on 10 June. You will preferably start your employment on 1 September 2024.

We can imagine you're curious about our application procedure. It describes what you can expect during the application procedure and how we handle your personal data and internal and external candidates. If you wish to apply for a non-scientific position with a non-EU nationality, please take notice of the following information.