PhD Position Vulnerability Scanning, Incident Response and Security Benchmarking

Research / Academic


We are in an age of regular news stories about vulnerabilities in enterprise IT being exploited, for theft of customer data, ransomware and other nefarious purposes. The impact of these attacks seem to be rising, yet organisations are still struggling to keep their systems patched.
The reality is that organisations face a painful dilemma: patch fast and comprehensively and incur downtime and potential failures; or patch slow and selectively and risk getting compromised by attacks. As a result, organisations take a long time to patch even critical security vulnerabilities. The way to get out of this catch-22 is to radically change the risk governance of patching. That is the objective of the NWO-funded THESEUS project. In this project, we work with closely with academic institutions, like VU Amsterdam, Utrecht and Tilburg Univertisies; and real-world partner organisations, such as KLM-AirFrance, Rijkswaterstaat, City of Amsterdam, City of The Hague, KPN, CyberSprint, and the National Cyber Security Center. We engage with researchers and professionals to explore questions of vulnerability scanning, automatic vulnerability and patch triaging, risk profiling and benchmarking organisations with respect to their security posture and patch status. We also engage with organisation decision-makers and the wider workforce to rationalise their perspective on the cost and benefits of keeping systems patched in a timely manner.
Within this project, we are looking for a motivated researcher interested in doing research in program analysis, vulnerability scanning and management, and security benchmarking. This includes randomised control experiments with how to effectively notify and incentivize organisations to patch discovered vulnerabilities. You would closely collaborate with our academic and industrial partners to perform Internet-wide scanning of enterprise networks, to analyse the obtained results, benchmark organisations and to find the best ways of reducing risks related to security vulnerabilities.
According to the Future of Jobs Survey 2020 from World Economic Forum, the top skills for 2025 include analytical thinking and innovation; active learning; complex problem-solving; critical thinking and analysis; creativity, originality and initiative; leadership and social influence; technology use, monitoring and control; technology design and programming; resilience, stress tolerance and flexibility; reasoning, problem-solving and ideation; systems analysis and evaluation. Successful completion of this PhD degree will allow you to demonstrably obtain these skills and prepare you for a prominent future career. Our PhDs are very sought after by industry, government and academia.
We expect candidates to have degrees, experience and strong technical skills in information systems or computer science. You would work in close collaboration with researchers from computer and social science disciplines.
The candidate will become a part of a successful world-recognized interdisciplinary team of over 20 scientists who jointly research cybersecurity issues. The team consists of people from different disciplines, countries, and backgrounds. Your project also offers the unique opportunity to collaborate with real-world companies in government, healthcare, and various other sectors. The candidate will have the opportunity to present their work at international conferences, to conduct research abroad and to collaborate with the world's leading researchers working towards a secure digital future.


  • In possession or expect to obtain a Master of Science (MSc) or equivalent in computer science, computer engineering or a closely related field;
  • Experience in Internet security and measurement and web security;
  • Excellent programming and data analysis skills;
  • Excellent academic writing and communication skills in English;
  • Curious and critical mind;
  • Being able to organize your work independently;
  • Being a good team player

Doing a PhD at TU Delft requires English proficiency at a certain level to ensure that the candidate is able to communicate and interact well, participate in English-taught Doctoral Education courses, and write scientific articles and a final thesis. For more details please check the Graduate Schools Admission Requirements.

Salary Benefits:

Doctoral candidates will be offered a 4-year period of employment in principle, but in the form of 2 employment contracts. An initial 1,5 year contract with an official go/no go progress assessment within 15 months. Followed by an additional contract for the remaining 2,5 years assuming everything goes well and performance requirements are met.
Salary and benefits are in accordance with the Collective Labour Agreement for Dutch Universities, increasing from € 2443 per month in the first year to € 3122 in the fourth year. As a PhD candidate you will be enrolled in the TU Delft Graduate School. The TU Delft Graduate School provides an inspiring research environment with an excellent team of supervisors, academic staff and a mentor. The Doctoral Education Programme is aimed at developing your transferable, discipline-related and research skills.
The TU Delft offers a customisable compensation package, discounts on health insurance and sport memberships, and a monthly work costs contribution. Flexible work schedules can be arranged. For international applicants we offer the Coming to Delft Service and Partner Career Advice to assist you with your relocation.

Work Hours:

38 - 40 hours per week


Mekelweg 2