Post-doctoral fellow in software engineering and cybersecurity - 30 months contract

Who we are ?

Télécom Paris, part of the IMT (Institut Mines-Télécom) and a founding member of the Institut Polytechnique de Paris, is one of France's top 5 general engineering schools.

The mainspring of Télécom Paris is to train, imagine and undertake to design digital models, technologies and solutions for a society and economy that respect people and their environment.

We are looking for a Post-doctoral Fellow in software engineering and cybersecurity. You will join the INFRES Department in ACES team. As part of the SECUBIC project, the ACES team of Télécom Paris develops techniques and tools that leverage Software Heritage, the largest archive of source code in the world, as knowledge base about open source software to improve the state of the art of binary software composition analysis (SCA).

SCIENTIFIC CONTEXT

Many everyday objects (like phones, routers, public transport vehicles, CCTV, etc.) are equipped with computer code in binary format ensuring their operation. At the same time, the reuse of off-the-shelf software components is a massive and widespread practice in computer program development. Therefore, software operating everyday objects may embed up to thousands of pre-existing software components, whose (open source) code was openly available on the Internet. These pre-existing components can implement various and potentially sensitive features, such as cryptography, data management or internet communication. Such a bloated software supply chain opens the door to specific attacks against the binaries included in everyday objects, such as exploiting known vulnerabilities or purposefully injecting vulnerabilities into pre-existing components.

When the user of an everyday object wants to ensure that its operating binary is not vulnerable to such attacks, they must use generic vulnerability detection techniques on the entire binary code. This requires considerable effort and is highly likely to miss many of the vulnerabilities. By replacing these generic techniques with a new approach dedicated to finding vulnerabilities caused by the software supply chain, the SECUBIC project aims at increasing the detection capabilities of such vulnerabilities enough to enable their exhaustive neutralization (or exploitation, from an attacker’s point of view), in reasonable time and budget. The result of the project will be a set of software tools implementing this dedicated approach and an evaluation of their effectiveness, notably on binary code coming from industrial and institutional partners.

Your main responsabilities :

• To carry out research missions in the field of software engineering and cybersecurity

• To ensure supervision and tutoring missions

• To contribute to the reputation of the School, the Institut Mines-Télécom and the Institut Polytechnique de Paris

You have solid expertise in software engineering and cybersecurity, a PhD or equivalent, a proven ability to work in a team and a good command of English.

Why join us?
You'll be working in a fast-growing, pleasant, green and accessible environment (especially for people with disabilities) just 20 km from Paris (RER B and C suburban train lines, close to major roads, shared shuttle departing from Porte d'Orléans). You will benefit from :

• 49 days annual leave (CA + RTT)

• flexible working hours (depending on department activity)

• telecommuting 1 to 3 days/week possible

• 75% public transport pass reimbursement

• Proximity to numerous sports facilities, concierge service, underground parking, in-house catering, etc.

• Staff association at school and ministry level

• Good to know: our social security contributions are lower than in the private sector

Other information :
Application deadline: August 31, 2025
Job type : 30 months fixed-term contract
Job description here

Scientific contact person: Stefano Zacchiroli <stefano.zacchiroli@telecom-paris.fr>
Administrative contact person: Najoua Kharmaze <najoua.kharmaze@telecom-paris.fr>

Our recruitment is based on skills, without distinction of origin, age, gender identity, or sexual orientation, and all our positions are open to individuals with disabilities.