~~NOTOC~~ ====== Job offerings - CRoCS ====== This page lists currently open employment and PhD positions to our lab. ===== Employment positions ===== We currently have no employment positions open, but feel free to see the list of [[public:research:main|current research projects]] to see the areas we work in. ===== PhD positions ===== {{fa>font-awesome}}\_//Topic:// Examining the ecosystems of computer security certification schemes {{fa>user-circle-o}}\_//Supervisor:// Vashek Matyas %%<%%%%>%% {{fa>industry}}\_//Industry cooperation:// [[https://research.redhat.com/|Red Hat Czech s.r.o.]] {{fa>calendar}}\_//Start date:// September 2024 or February 2025 We are looking for **two doctoral students to work in the areas of computer security and machine learning** improving the security certification scene. The students will **join an existing research team around the [[https://seccerts.org|sec-certs]] project**. Positions are fully funded by the faculty with extra remuneration provided by the industrial partner. ==== Topic specification ==== The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140-2/3 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. The tooling we develop automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. ==== Expected expertise ==== We expect candidate(s) who have (or soon will have) a MSc degree or equivalent and a solid background in computer science or engineering, with some background either in computer security or machine learning or natural language processing (though not necessarily both). Fluent communication in spoken and written English is expected. ==== The team ==== The academic research team you'll join consists of your supervisor, two part-time engaged assistant professors and multiple supervised bachelor and master students. Furthermore, multiple Red Hat engineers are engaged to help the application of the project results at Red Hat as well as the wider certification community. ==== The sec-certs project ==== Sec-certs is a tool for data scraping and analysis of security certificates from Common Criteria and FIPS 140-2/3 frameworks. It periodically updates the database of certificates, processes the available certification PDFs and metadata and enriches them by adding new metadata (e.g. detected certificate dependencies) or cross-referencing other datasets (CPEs, CVEs, CWEs, …). The whole dataset is open an available through the web interface at [[https://seccerts.org|seccerts.org]]. [[https://seccerts.org/|{{:public:research:sec-certs-logo.png?nolink&200|sec-certs project}}]] {{:public:research:logo.png?400|}} \_ ==== Industry involvement ==== The successful candidate(s) will work with CRoCS during the whole duration of the project, while cooperation with Red Hat is expected in a form of regular meetings with Red Hat experts where progress will be evaluated and next targets agreed. The work to be undertaken during all years of research will be at the intersection of computer security and machine learning. In case of inquires related to the industrial cooperation, please contact Martin Ukrop %%<%%%%>%%. [[https://research.redhat.com/|{{:wiki:redhat.png?nolink&200|Red Hat}}]] ==== Publications ==== {{section>publications:keywords:sec-certs&noheader&fullpage}} ==== Interested? ==== * Are you interested in the position? The next step is to contact the supervisor to discuss each other's expectations and meet the rest of the team. * Do you know someone who may be interested? Please refer them to this web page. * Do you know a relevant place to hang a poster? Download it below. \_ \_