PhD position on Explainable Incident Response -- TUCCR

The Semantics, Cybersecurity, and Services (SCS) group at the University of Twente and the Twente University Centre for Cybersecurity Research (TUCCR) invites applications for a PhD Position in Explainable Incident Response.

Key takeaways

  • Hours: 40 hr.
  • Salary indication: gross monthly salary, based on full-time, € 2,872 - € 3,670
  • Deadline: 6 Oct 2024

Analysts working in Security Operations Centres (SOCs) investigate thousands of alerts daily, often leading to burnout and fatigue. In recent years, machine learning (ML) has emerged as a promising solution to automate the workflows of SOC analysts. However, analysts are often contractually obligated to investigate all alerts, making it critical that they can understand how such ML-based solutions work.

The objective of this PhD project is to create 'AI-assisted practitioners' for incident response by developing novel human-in-the-loop ML algorithms that reduce analyst workload and provide decision-making assistance. We propose to develop explainable ML algorithms that summarize large volumes of observable data (intrusion alerts, network & system logs) to discover contextually meaningful patterns in them. The student will conduct fundamental research and explore various learning paradigms to develop actionable explanations from these discovered patterns that are tailored to the operator's expertise. The evaluation of these algorithms will be done under closed-world and open-world settings. For the closed-world setting, a major challenge is the lack of suitable datasets to evaluate ML models. The student will set up a testbed together with our industry collaborators for the collection of intrusion alert datasets. For the open-world setting, the student will deploy these algorithms in real SOC environments to measure the extent of workload reduction experienced by the analysts. In doing so, we aim to develop technologies that are not only novel but also have real-world applications.

The PhD student will be embedded within the Semantics, Cybersecurity, and Services (SCS) group at the University of Twente. The student will have the opportunity to participate in internships and/or collaboration with industry partners under the TUCCR initiative. The SCS group offers a stimulating, supportive, and diverse research environment, as well as plenty of opportunities for personal and professional growth.

Your profile

  • You are a highly motivated and enthusiastic researcher, aspiring to do world-class research and have real-world impact.
  • You have an MSc degree with excellent grades in computer science, or similar, with a special emphasis on cybersecurity and/or artificial intelligence. Applications from students who are about to finish their MSc degree studies will be considered as well.
  • You are interested in the domain of cybersecurity and explainability.
  • You have a solid background in artificial intelligence and/or cybersecurity. Some industrial experience in an incident response role and prior experience with writing scientific papers are an additional advantage.
  • You know your way around UNIX/Linux systems. You can code in Python and know your way around sklearn and tensorflow.
  • You are curious and interested in learning how things work and how to make them better.
  • You have a creative mindset and excellent analytical and communication skills.
  • You have good team spirit and like to work in an interdisciplinary and internationally oriented environment.
  • You are proficient in English.

Our offer

  • As a PhD candidate at UT, you will be appointed to a full-time position for four years, with a qualifier in the first year, within a very stimulating and exciting scientific environment;
  • The University offers a dynamic ecosystem with enthusiastic colleagues;
  • Your salary and associated conditions are in accordance with the collective labour agreement for Dutch universities (CAO-NU);
  • You will receive a gross monthly salary ranging from € 2.872,- (first year) to € 3.670,- (fourth year);
  • There are excellent benefits including a holiday allowance of 8% of the gross annual salary, an end-of-year bonus of 8.3%, and a solid pension scheme;
  • The flexibility to work (partially) from home;
  • A minimum of 232 leave hours in case of full-time employment based on a formal workweek of 38 hours. A full-time employment in practice means 40 hours a week, therefore resulting in 96 extra leave hours on an annual basis.
  • Free access to sports facilities on campus;
  • A family-friendly institution that offers parental leave (both paid and unpaid);
  • You will have a training programme as part of the Twente Graduate School where you and your supervisors will determine a plan for a suitable education and supervision;
  • We encourage a high degree of responsibility and independence while collaborating with close colleagues, researchers and other staff.

Information and application

Are you interested in this position? Please send your application via the 'Apply now' button below before October 7, 2024, and include:

Missing documents will lead to an immediate rejection of the application.

Date of first interviews: October 14, 2024. 

For more information regarding this position, you are welcome to contact Azqa Nadeem (a.nadeem@utwente.nl).

About the department

Digitalization brings many new opportunities for businesses and governments by fostering the development of innovative online services. However, this development also brings new challenges, notably in terms of intelligence, interoperability, security, and privacy. The mission of the Semantics, Cybersecurity and Services (SCS) group is to advance the development of innovative online services with improved quality through context alignment and with reduced security and privacy threats.

SCS is part of the Twente University Centre for Cybersecurity Research (TUCCR), a public-private partnership where experts, professionals, entrepreneurs, researchers, and students from industry and knowledge partners collaborate to deliver talents, innovations, and know-how in the domain of cybersecurity. The mission of TUCCR is to strengthen the security and digital sovereignty of our society by performing top-level research on real-world data, systems, and network security challenges. To achieve significant societal impact, TUCCR combines technical, socio-economic, and ethical know-how and is equipped with state-of-the-art infrastructure, including security labs, testbeds, and data lakes. Key outputs include innovation in the form of technologies, tools, minimum viable products, start-ups, and top-tier scientific publications, as well as first-class graduates at Bachelor, Master, and PhD levels. TUCCR’s founding partners are Betaalvereniging Nederland, BetterBe, Cisco, NCSC, NDIX, Northwave, SIDN, SURF, Thales, TNO, and the University of Twente.

About the organisation

The faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) uses mathematics, electronics and computer technology to contribute to the development of Information and Communication Technology (ICT). With ICT present in almost every device and product we use nowadays, we embrace our role as contributors to a broad range of societal activities and as pioneers of tomorrow's digital society. As part of a people-first tech university that aims to shape society, individuals and connections, our faculty works together intensively with industrial partners and researchers in the Netherlands and abroad, and conducts extensive research for external commissioning parties and funders. Our research has a high profile both in the Netherlands and internationally. It has been accommodated in three multidisciplinary UT research institutes: Mesa+ Institute, TechMed Centre and Digital Society Institute.

Want to know more?

Nadeem, A. (Azqa)
Assistant Professor

Do you have questions about this vacancy? Then you can contact Azqa for all substantive questions about this position and the application procedure. For general questions about working for the UT, please refer to the chatbot.

How to apply

Step 1

Apply.
When you see a vacancy that appeals to you, you can apply online. We ask you to upload a CV and motivation letter and/or list of publications. You will receive a confirmation of receipt by e-mail.

Step 2

Selection.
The selection committee will review your application and you will receive a response within 2 weeks after the vacancy has been closed.

Step 3

1st interview.
The 1st (online or in person) meeting serves as an introduction where we introduce ourselves to you and you to us. You may be asked to give a short presentation. This will be further explained in the invitation.

Step 4

2nd interview.
In the second interview, we will further discuss the job content, your skills and your talents.

Step 5

The offer.
If the conversations are positive, you will be made a suitable offer. If applicable, we will sign you up for screening.

About the faculty EEMCS

Curious about what the faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) stands for? Check out the EEMCS website for more information.

A job that matters

Create new opportunities for yourself, your colleagues and our society. Scientist or teacher, administrator or facilitator, thinker or doer, energetic leader or silent support – your work at the University of Twente matters. And you too!

  • Our mission
    Human Touch

    At the UT it’s all about people, in line with our university’s High Tech Human Touch philosophy. In everything we do, the well-being and future of our students and staff are paramount. From research and teaching to personnel management, campus management and the use of new technologies.

  • Our mission
    We are a university of technology

    Our university is a public institution that serves society. We are accountable to society for the ways in which we use our academic freedom. We are responsible for ensuring that the power of science and technology is harnessed to achieve the best possible impact in a changing world. We cherish our rich tradition of combining technical and social sciences in our five profiling themes: Improving healthcare by personalized technologies; Creating intelligent manufacturing systems; Shaping our world with smart materials; Engineering our digital society; and Engineering for a resilient world.

  • Our mission
    We help to strengthen society

    We help society meet the challenges of today and tomorrow. But we are also transparent about what science and technology can and cannot do in finding sustainable solutions. And help translate these solutions into everyday life.

  • Our mission
    We are sustainable

    We want our communities to flourish and show resilience, so we seize opportunities for innovation. We are knowledgeable and have an eye for what society needs. Our students and staff receive all the guidance they need in their quest for ecological, social and economic sustainability.
    “The University of Twente is all about people. Our sustainable technologies help to strengthen society.”
