Post-doctoral fellow in software engineering and cybersecurity - 30 months contract
Institut Mines-Télécom
il y a un jour
Date de publicationil y a un jour
S/O
Niveau d'expérienceS/O
Temps pleinType de contrat
Temps pleinGénie logiciel / Développement WebCatégorie d'emploi
Génie logiciel / Développement WebEn partie à distancePolitique de l'emploi à distance
En partie à distanceWho we are ?
Télécom Paris, part of the IMT (Institut Mines-Télécom) and a founding member of the Institut Polytechnique de Paris, is one of France's top 5 general engineering schools.
The mainspring of Télécom Paris is to train, imagine and undertake to design digital models, technologies and solutions for a society and economy that respect people and their environment.
We are looking for a Post-doctoral Fellow in software engineering and cybersecurity. You will join the INFRES Department in ACES team. As part of the SECUBIC project, the ACES team of Télécom Paris develops techniques and tools that leverage Software Heritage, the largest archive of source code in the world, as knowledge base about open source software to improve the state of the art of binary software composition analysis (SCA).
SCIENTIFIC CONTEXT
Many everyday objects (like phones, routers, public transport vehicles, CCTV, etc.) are equipped with computer code in binary format ensuring their operation. At the same time, the reuse of off-the-shelf software components is a massive and widespread practice in computer program development. Therefore, software operating everyday objects may embed up to thousands of pre-existing software components, whose (open source) code was openly available on the Internet. These pre-existing components can implement various and potentially sensitive features, such as cryptography, data management or internet communication. Such a bloated software supply chain opens the door to specific attacks against the binaries included in everyday objects, such as exploiting known vulnerabilities or purposefully injecting vulnerabilities into pre-existing components.
When the user of an everyday object wants to ensure that its operating binary is not vulnerable to such attacks, they must use generic vulnerability detection techniques on the entire binary code. This requires considerable effort and is highly likely to miss many of the vulnerabilities. By replacing these generic techniques with a new approach dedicated to finding vulnerabilities caused by the software supply chain, the SECUBIC project aims at increasing the detection capabilities of such vulnerabilities enough to enable their exhaustive neutralization (or exploitation, from an attacker's point of view), in reasonable time and budget. The result of the project will be a set of software tools implementing this dedicated approach and an evaluation of their effectiveness, notably on binary code coming from industrial and institutional partners.
Your main responsabilities :
Vous détenez un doctorat ou équivalent. Vous possédez une solide expertise en génie logiciel et en cybersécurité.
Votre niveau d'anglais est professionnel.
Pourquoi nous rejoindre ?
Vous travaillerez dans un environnement en plein développement, agréable, verdoyant et accessible (notamment pour les personnes en situation de handicap) à seulement 20 km de Paris (RER B et C, proximité des grands axes routiers, navette mutualisée en partance de la Porte d'Orléans). Vous bénéficierez de :
Informations diverses :
Date limite de candidature : 31 août 2025
Type d'emploi : CDD de 30 mois
Description de poste ici
Contact scientifique : Stefano Zacchiroli
Contacta dministratif : Najoua Kharmaze
Nos recrutements sont fondés sur les compétences, sans distinction d'origine, d'âge, ou de genre et tous nos postes sont ouverts aux personnes en situation de handicap.
Télécom Paris, part of the IMT (Institut Mines-Télécom) and a founding member of the Institut Polytechnique de Paris, is one of France's top 5 general engineering schools.
The mainspring of Télécom Paris is to train, imagine and undertake to design digital models, technologies and solutions for a society and economy that respect people and their environment.
We are looking for a Post-doctoral Fellow in software engineering and cybersecurity. You will join the INFRES Department in ACES team. As part of the SECUBIC project, the ACES team of Télécom Paris develops techniques and tools that leverage Software Heritage, the largest archive of source code in the world, as knowledge base about open source software to improve the state of the art of binary software composition analysis (SCA).
SCIENTIFIC CONTEXT
Many everyday objects (like phones, routers, public transport vehicles, CCTV, etc.) are equipped with computer code in binary format ensuring their operation. At the same time, the reuse of off-the-shelf software components is a massive and widespread practice in computer program development. Therefore, software operating everyday objects may embed up to thousands of pre-existing software components, whose (open source) code was openly available on the Internet. These pre-existing components can implement various and potentially sensitive features, such as cryptography, data management or internet communication. Such a bloated software supply chain opens the door to specific attacks against the binaries included in everyday objects, such as exploiting known vulnerabilities or purposefully injecting vulnerabilities into pre-existing components.
When the user of an everyday object wants to ensure that its operating binary is not vulnerable to such attacks, they must use generic vulnerability detection techniques on the entire binary code. This requires considerable effort and is highly likely to miss many of the vulnerabilities. By replacing these generic techniques with a new approach dedicated to finding vulnerabilities caused by the software supply chain, the SECUBIC project aims at increasing the detection capabilities of such vulnerabilities enough to enable their exhaustive neutralization (or exploitation, from an attacker's point of view), in reasonable time and budget. The result of the project will be a set of software tools implementing this dedicated approach and an evaluation of their effectiveness, notably on binary code coming from industrial and institutional partners.
Your main responsabilities :
- To carry out research missions in the field of software engineering and cybersecurity
- To ensure supervision and tutoring missions
- To contribute to the reputation of the School, the Institut Mines-Télécom and the Institut Polytechnique de Paris
Vous détenez un doctorat ou équivalent. Vous possédez une solide expertise en génie logiciel et en cybersécurité.
Votre niveau d'anglais est professionnel.
Pourquoi nous rejoindre ?
Vous travaillerez dans un environnement en plein développement, agréable, verdoyant et accessible (notamment pour les personnes en situation de handicap) à seulement 20 km de Paris (RER B et C, proximité des grands axes routiers, navette mutualisée en partance de la Porte d'Orléans). Vous bénéficierez de :
- 49 jours de congés annuels (CA + RTT)
- flexibilité des horaires de travail (en fonction de l'activité du service)
- télétravail 1 à 3 jours/semaine possible
- Remboursement abonnement transports en commun à 75%
- Proximité de nombreuses infrastructures sportives, conciergerie, parking souterrain, restauration interne...
- Association du personnel au niveau de l'école et du ministère
- A savoir : nos cotisations sociales sont moins élevées que dans le secteur privé
Informations diverses :
Date limite de candidature : 31 août 2025
Type d'emploi : CDD de 30 mois
Description de poste ici
Contact scientifique : Stefano Zacchiroli
Contacta dministratif : Najoua Kharmaze
Nos recrutements sont fondés sur les compétences, sans distinction d'origine, d'âge, ou de genre et tous nos postes sont ouverts aux personnes en situation de handicap.
RÉSUMÉ DE L' OFFRE
Post-doctoral fellow in software engineering and cybersecurity - 30 months contract
Institut Mines-Télécom
Palaiseau
il y a un jour
S/O
Temps plein
Post-doctoral fellow in software engineering and cybersecurity - 30 months contract