Research Associate – AI-guided Attack Surface Assessment

About the SnT

The University of Luxembourg is an international research university with a distinctly multilingual and interdisciplinary character.

The Interdisciplinary Centre for Security, Reliability and Trust (SnT) at the University of Luxembourg is a leading international research and innovation centre in secure, reliable and trustworthy ICT systems and services.

We play an instrumental role in Europe by fueling innovation through research partnerships with industry, boosting R&D investments leading to economic growth, and attracting highly qualified talent. We look for researchers from diverse academic backgrounds to contribute to our projects in areas such as : Network Security, Information Assurance, Model-driven Security, Cloud Computing, Cryptography, Satellite Systems, Vehicular Networks, and ICT Services & Applications.

Your role

The SnT is seeking a Postdoc to support the research and development work within the SEDAN group. We seek a candidate with expertise and / or interest in the following relevant fields : machine learning and cybersecurity.

The candidate will have the opportunity to work on a collaborative project with a leading industry in cybersecurity allowing thus to validate and receive feedback from on-the-field cybersecurity practitioners. The project aims at improving the assessment of the attack surface of an organization. This is essential to identify all possible entry points an external attacker could use to break into the IT system. Because attack surface became large and diverse [Rizz20], Automated External Attack Surface Management (EASM) cannot be limited to naive IP address scanning or simply relying on incomplete CMDBs [Kie23]. Thus, multiple tools are used by experts with strong knowledge and previous experience. The main objective of the project is to automate this human-based cognitive process thanks to the use of Deep-Reinforcement Learning (DRL) to orchestrate the joint use of multiple attack surface tools, Large-Language Models (LLMs) to refine their configurations and graph-based Machine Learning (ML) to detect anomalies (such as a new unknown possible entry point) and provide actionable recommendation according to the recovered attack surface. A tool like AMASS[1] from OWASP already acts as an interface through multiple tools. Although it still relies on manual configuration or scripting, such types of tools will be considered to serve as a basis to support modelling and interacting with existing tools.

The postdoc will thus have to define an orchestrator capable of communicating with existing tools by defining necessary interfaces and most of all the intelligent iterative engine based on reinforcement learning. The developed orchestrator thus consists in interconnecting existing open-sources tools for EASM with an orchestrator to be defined. This requires the definition and development of a unified language alongside the necessary interfaces. LLMs will be used to iteratively interpret results obtained by to the execution of the EASM tools to support an orchestrator to refine their configurations. Indeed, the space of exploration is almost infinite and is often based on text-based information (domain names, service provider names, software names, certificates, etc.) from which a particular semantic can be inferred. At the end of the processing pipeline, a component will aggregate the accumulated knowledge about the discovered attack surface. The ultimate objective is to provide useful and prioritized recommendations by detecting anomalies in the external attack surface, knowing that a system cannot be totally isolated.

In addition, the candidate will be also involved in project management, reporting and dissemination. The project is an academic project oriented but applied research. It is a unique opportunity to develop new concepts with a close collaboration with industry.

During postdoc, the candidate will have the opportunity to participate and propose other projects within the group and so also develop his / her / their own research agenda. We are working on various topics related to applied ML and cyber-security, including applications and security of LLMs.

Your profile

The candidate should possess a PhD degree in Computer Science / engineering or Telecommunication Engineering,

What we’re looking for :

• A collaborative team player with a desire to make a personal impact within our interdisciplinary research groupho can work independently and efficiently and is proactive in solving problems.
• Self-initiative, creativity, curiosity, flexibility and enthusiasm to work

Knowledge and Experience :

The ideal candidate should have some knowledge and / or experience in one or several of the following areas :

The following qualifications of the applicant are a bonus :

Language Skills : Fluent written and verbal communication skills in English are required. Knowledge of either French, German or Luxembourgish will be appreciated but are not a requirement to apply.

Please note that, due to the specific requirements and constraints of the project, we are only able to consider applicants from NATO member countries or NATO partner nations

We offer

How to apply

Applications should include :

Early application is highly encouraged, as the applications will be processed upon reception. Please apply ONLINE formally through the HR system. Applications by Email will not be considered.

The University of Luxembourg is committed to achieving gender parity among its staff. Should candidates present equivalent profiles, preference will be given to female candidates in all departments where gender parity is not yet achieved.

The University of Luxembourg embraces inclusion and diversity as key values. We are fully committed to removing any discriminatory barrier related to gender, and not only, in recruitment and career progression of our staff.

General information :

The yearly gross salary for every Postdoctoral Researcher at the UL is EUR 85176 (full time).