Research Fellow in Software Security

Guildford, United Kingdom
25 Apr 2019
End of advertisement period
26 May 2019
Contract Type
Fixed Term
Full Time

Department of Computer Science

Location:     Guildford
Salary:     £31,302
Fixed Term Contract
Post Type:     Full Time
Closing Date:     Sunday 26 May 2019
Interview Date:     To be confirmed

Surrey Centre for Cyber Security at the University of Surrey seeks to recruit a software developer in software security for a full-time position. The post is part of the EU H2020 R&D project “ASTRID: Addressing threats for virtualised services” ( which develops a novel approach for secure development and deployment of micro-services in emerging software-defined and virtualized infrastructures. This is a crucial aspect towards providing organizations the appropriate situational awareness in relation to cyber security threats allowing them to quickly detect and effectively respond to sophisticated cyber-attacks. The candidate will be working on the design and development of source code vulnerability analysis mechanisms with further contributions to their implementation and deployment within the ASTRID platform.

ASTRID is a multi-national consortium of academic institutions and industry from Italy, Denmark, Germany, Greece and the UK. Surrey is one of the academic partners and is primarily responsible for the specification of advanced forms of attestation, including run-time attestation and attestation of ensembles, but also to the run-time risk assessment and vulnerability analysis components of the overall framework.

We are looking for an excellent, motivated, self-driven software developer to conduct high-quality software analysis and development work within the following key technological aspects:

  • Definition of solutions for the vulnerability assessment of software components, comprising the set of provided cloud services, ranging from the theoretical threat modelling to practical security evaluation of cyber-physical systems and system-level software implementations of cloud services ready for deployment in the envisaged environment; the analysis will focus on the identification of the security requirements for establishment of trust between various functionalities specific to the use cases of interest.
  • Development of formal models for the relationships among the set of properties pertinent to building trust in the designed components. This analysis will enable the design of a holistic vulnerability assessment (VA) framework capable of identifying all underlying vulnerabilities, that can be exploited by an adversary to intrude either standalone or dependent code functionalities, by mapping the most important existing malware threats and investigating their applicability in multi-IaaS environments.

Successful applicants will have core skills in static code analysis for threat and vulnerability detection. Candidates are expected to have good knowledge of virtualisation techniques, Assembly/C/C++, and Linux kernels. Candidates are expected to have excellent communication skills to engage with the project partners.

In addition to supporting the research project with internal and external collaborators, the position will serve as a platform for the candidate to develop their knowledge and skills at the intersection of vulnerability analysis, source code analysis and trusted computing as well as to contribute to other projects in cyber security.

The successful applicant will be working under supervision of Dr Mark Manulis and will benefit from the environment provided by the Surrey Centre for Cyber Security, an Academic Centre of Excellence in Cyber Security Research recognized by the British Government. The Centre’s research focus is on the design and analysis of security protocols, data privacy, access control, privacy preserving security, trustworthy systems, and distributed ledger technologies.

Informal enquires are welcome and should be made to Dr. Mark Manulis The University is committed to equality of opportunity in employment and offer many opportunities for professional development. Expected start date: August 2019