The Semantics, Cybersecurity and Services (SCS) group at the University of Twente is looking for a full-time PhD to join the research team, working on Software Security. The position is embedded in the context of the NWO project “P6: Prioritization for Prompt Patching of Programs with Pernicious Problems”, in collaboration with the Vrije Universiteit Amsterdam and several industry partners.

In this PhD project, we intend to research automated techniques to analyze, exploit, and patch software vulnerabilities, after the detection phase. In fact, current tools, such as fuzzers, detect more potential flaws than organizations can fix. We plan to design and develop automated techniques to analyze discovered vulnerabilities, assess their risk, prioritize the critical ones, and generate patches. Unlike prior work, we consider vulnerabilities in their context, including interactions between vulnerabilities and defenses, allowing for prompt mitigation.

As the prospective PhD candidate, you will be appointed for a period of four years, and you are expected to perform high-quality research that gets published at some of the top security conferences and implement open-source research prototypes that the community can benefit from. The SCS group is internationally recognized in the broad areas of systems and data security and is unique for its collaborative and friendly atmosphere, in which researchers have considerable freedom in picking their projects and receive substantial support from supervisors and colleagues. We publish in top-tier conferences to maximize our visibility and impact, and we can guide you toward becoming a top researcher and boosting your CV. Besides, during the PhD, you will have the opportunity to broaden your knowledge and network by joining international exchange programs, participating in national and international conferences, and visiting other research institutes and universities worldwide.

• You are a highly motivated and enthusiastic researcher, aspiring to do world-class research and have real-world impact.
• You enjoy low-level hacking and experimentation and are a good programmer, especially in C/C++.
• You have a MSc degree with excellent grades in computer science or a closely related discipline; applications from students who are about to finish their MSc degree studies will be considered as well.
• You have a solid background in systems and software security and have knowledge and skills in topics such as fuzzing, static analysis, and symbolic execution.
• You are an independent and original thinker with a creative mindset and excellent analytical and communication skills.
• You are curious and interested in learning how things work and how to make them better.
• You have great team spirit and like to work in an internationally-oriented and interdisciplinary environment.
• You are fluent in English.

• You will be appointed full-time for four years within a very stimulating and exciting scientific environment;
• The University offers a dynamic ecosystem with enthusiastic colleagues;
• Your salary and associated conditions are in accordance with the collective labour agreement for Dutch universities (CAO-NU); You will receive a gross monthly salary ranging from € 2.770 and € 3.539;
• There are excellent benefits including a holiday allowance of 8% of the gross annual salary, an end-of-year bonus of 8.3%, and a solid pension scheme;
• A family-friendly institution that offers parental leave (both paid and unpaid);
• We encourage a high degree of responsibility and independence, while collaborating with close colleagues, researchers, and other staff.

Digitalization brings many new opportunities for businesses and governments by fostering the development of innovative online services. However, this development also brings new challenges, notably in terms of intelligence, interoperability, security, and privacy. The mission of the Semantics, Cybersecurity and Services (SCS) group is to advance the development of innovative online services with improved quality through context-alignment and with reduced security and privacy threats.

SCS is part of the Twente University Centre for Cybersecurity Research (TUCCR), a public-private partnership where experts, professionals, entrepreneurs, researchers, and students from industry and knowledge partners collaborate to deliver talents, innovations, and know-how in the domain of cybersecurity. The mission of TUCCR is to strengthen the security and digital sovereignty of our society by performing top-level research on real-world data, systems, and network security challenges. To achieve significant societal impact, TUCCR combines technical, socio-economic, and ethical know-how and is equipped with state-of-the-art infrastructure, ranging from security labs, testbeds, and data lakes.

Are you interested in this position? Please submit your application before May 31 via the ‘Apply now’ button below and include:

• A motivation letter (maximum 2 pages A4), emphasizing your specific interest, qualifications, and motivation to apply for a research position in this area.
• A detailed Curriculum Vitae, including any publications if applicable, academic awards, and your working experience.
• An academic transcript of MSc education, including grades.

For more information, please contact dr.ir. Andrea Continella (a.continella@utwente.nl).