Chair for Software Security @ RUB

Opportunities / Open Positions

We are (almost) always looking for highly motivated PhD students, postdoctoral researchers, and interns to join our group and work with us on tackling open research challenges in software and network security at Ruhr University Bochum in Germany:

  • For internships, you should already have an excellent Bachelor’s degree in Computer Science (Informatik) or IT security and plan to visit our group for approximately 6 months (minimum 3 months).

    We pay our interns a monthly research stipend, which aims to cover living expenses.

  • For PhD positions, you should have an above average Master’s degree or an excellent Bachelor’s degree in Computer Science (Informatik) or IT security.

    Typically, starting a PhD in Germany requires a Master’s degree and takes approximately 4 years. We also consider candidates without a Master’s degree, but with an excellent Bachelor’s degree for US-style PhD student positions, which combines some course work (around 1 year) and doctoral studies (approximately 4 years), with employment in the research group starting immediately. For PhD positions, we almost exclusively hire candidates with whom we have worked with before, for example, through internships.

  • For postdoctoral researcher positions, you need to have a doctoral degree in Computer Science, focusing on Software or Internet security, software engineering, program analysis.

    You need to have contributed to the scientific state of the art during your PhD, as shown by prior publications in the relevant security & privacy, software engineering, program analysis, or measurement conferences.

Currently, most of our research focuses on the following and you should have an interest/understanding of the area:

  • Automatic vulnerability discovery, focusing on addressing and improving existing trade-offs in soundness, completeness, precision, accuracy, and approximation.
  • Program analysis, focusing on stateful applications, especially network protocol implementations. This includes the (automated) analysis of network applications, their underlying network protocols, and how the applications and protocols are being used in the real world.
  • Developing analysis techniques for Internet Security measurements to better understand the security posture of the Internet, such as the impact of centralization and decentralization, and assessing the impact of modern security and privacy protocols, like TLS or DNS-over-HTTPS.

Requirements

The work we do is systems research and heavy on the analysis of real-world systems and engineering. You should have already acquired practical experience and knowledge in at least some of the following areas:

  • Static program analysis techniques, such as data flow analysis, abstract interpretation, or symbolic execution.
  • Dynamic program analysis techniques, like fuzzing.
  • Vulnerability discovery and exploitation, for example, heap or kernel exploitation.
  • Evaluating program/protocol analysis methods and security mechanisms/techniques.
  • Experience with efficient and scalable data analysis techniques.
  • Network measurements and protocol analysis.
  • Network protocols, like TLS, DNS, BGP, or IPv6.
  • Programming experience in Rust, C++, with Go/Kotlin/Swift being close seconds.

We also do require you to have:

  • Programming experience in Python and C.
  • Knowledge about programming languages and operating systems.
  • Experience with Git, LaTeX, and Linux.

Among the responsibilities of researchers in our group are the development of new and scalable analysis techniques, by combining theory and practice, implementing prototypes, rigorously evaluating them, and communicating/disseminating the findings in the (scientific) community.

Miscellaneous

The working language in our group and in the Faculty for Computer Science is English.

You do not need to speak German to work at RUB or to live in Bochum, though it is certainly helpful.

Questions or Wanting to Apply?

If you are interested or have any questions, please send an email to [email protected].

If you do send us an email, you need to include:

  • A brief motivation about your interests (one short paragraph).
  • An updated resume/CV.
  • A recent transcript of grades.

We also love to see academic work samples and prior non-trivial open source contributions.

Please do note that we will not reply to emails that:

  • Lack any of the above information.
  • Appear to have made significant use of generative AI and were not largely written by you.
  • Suggest you did not read the information we made available on this website.