Researcher/Scientiest in Cyberdefense (DAP/22-03) M/W/X

The Royal Military Academy of Belgium (RMA) is a military institution responsible for the basic academic, military and physical training of future officers, and for the continuing advanced training of officers during their active career in the Belgian Defense department ( www.rma.ac.be ). It is fully recognized as a university, fulfilling the same criteria as civilian universities. The Royal Military Academy is also conducting scientific research at university level for projects funded by the Belgian Defense department or external sources.

You work within the cyberdefense laboratory of the Royal Military Academy. We teach academic courses at the Royal Military Academy and at the Université Libre de Bruxelles (ULB). We also organize short workshops. The courses we teach cover the following subjects:

• Networks;
• Distributed information systems;
• Information security;
• Forensics;
• Management of security.

We are also a research laboratory. Our work currently focuses on:

• Detection of Advanced Persistent Treaths (APT’s);
• Detection of cyber attacks using machine learning and AI;
• Cyber training systems and cyber ranges;
• Prevention of phishing;
• Detection of attacks related to the cellular phones network (SS7 and diameter).

Description de la fonction

In the framework of the study DAP22-03 ¿Using blockchain to secure the software supply chain¿, we are looking for a full-time researcher in cyberdefense with a Master of Science in Cybersecurity, in Computer Science, or equivalent.

What we offer:

• You will be working in a young and dynamic team, where autonomy and initiatives are encouraged;
• You will have the possibility to work on exciting projects related to cyber security, with concrete applications;
• You will have access to high-end material (laptop, screens, servers,…);
• You will have the possibility to attend world renowned cyber security trainings and certifications;
• You will also have the possibility of obtaining a master in Cyber Security.

Study:

When developing software, developers and companies usually rely on numerous external libraries. According to GitHub State of the Octoverse Report 2019, open-source projects have an average of 180 package dependencies. The same goes for commercial and closed-source software, although no official numbers are available.

For an attacker, it is enough to compromise one of these dependencies to break into the network or data of the final user of the software. This technique has proven extremely effective, and hence is increasingly used by attackers.

This supply chain attack technique can be applied to any programming language and dependency management tool: PHP/composer, Python/PIP, DotNET/NuGet, Java/Maven. All these dependency management systems rely on a central system storing the details of available libraries.

In this project, we plan to study how these central systems can be replaced by a distributed system relying on blockchain. A blockchain system is often compared to a distributed ledger. It allows guaranteeing the integrity of stored data: no record can be inserted or modified in the database of libraries without being detected by the users of the database.

This property would allow to create a software supply chain that would be protected against supply chain attacks.

Main Tasks

For this project, you will develop a demonstrator showing how a secure software supply chain can be implemented using blockchain technology.

On the path to developing this demonstrator, many challenges will probably be discovered that have to be solved. For example:

• how to limit computation complexity (and power requirements) of the system, which is currently one of the main criticisms against blockchain;
• how to reduce the delay before new data is available for all users, which is another drawback of blockchain;
• how to design a system that nicely scales with the number of users.

The second outcome of the project is to study how the solutions that you implemented can be transferred to other uses cases of blockchain.

According to pwc, there are a lot of other possible applications of blockchain in military supply chains. Examples include: guarantee the provenance of materials and parts, and help detect counterfeits; proactively identify shortages of (sub-)parts to reduce problems and costs; manage the identities and certifications of people handling parts, assembling components and executing repairs and upgrades etc. Probably, the solutions we will find might enrich blockchain applications in other military related fields.

Description du profil

Technical skills

The applicant shall have a Master of Science in Cybersecurity, in Computer Science, or equivalent.

• Training or experience in Linux and classical development environment (command line, git, ssh etc.) is required;
• Training or experience in Java or PHP programming language is highly recommended;
• Training or experience in cyber security is an added value.

Personal skills

• You can develop software autonomously.
• You do not settle for sub-standard solutions and always try to achieve a high level of quality.
• You can conduct scientific research at a university level by searching existing literature, analyzing existing solutions in a critical way and proposing new ideas.
• You can communicate your results in a clear, concise and precise manner.
• You are involved and focused on results.
• You can work in a team and focus on the objectives of the team.
• You take initiatives to improve the functioning of the team.
• You take initiatives to improve your own skills.
• You are honest, loyal toward the institution and respect confidentiality.
• You can integrate yourself in a multidisciplinary research unit.

Other skills

• The applicant shall have good knowledge of English (oral / written)
• Minimum knowledge of French or Dutch is recommended (collaboration with peers)

Specific requirement

• The researcher may be exposed to classified information and will therefore have to obtain the required security clearance. The candidate must consent with the background check required to obtain this clearance, which will be executed by Belgian Defense.
• When working for the Patrimony, the researcher is required to live in Belgium.

Avantages du poste

Contract

• Probable date of recruitment: From 1st August 2023 , in consultation with the applicant.
• Status: Full-time employment based on an open-ended contract with the Patrimony of the Royal Military Academy (you will not be a civil servant).
• Wage scale: class A1 (holder of a Master’s degree in Science or equivalent), class A2 (holder of an Ir degree or equivalent Master’s in Engineering Sciences, doctor’s degree in the same area of expertise).
• Holiday pay.

Extra-legal benefits

• Possibility to benefit from a bilingualism allowance (Dutch/French) following a SELOR test;
• End-of-year bonus;
• Free DKV hospitalization insurance. Possibility of additional affiliation for one or more persons living under the same roof: spouse, child(ren) (50% of the price per additional member);
• Bike allowance / Free public transport (home-work commute);
• Free access to campus sports facilities outside working hours;
• On-campus restaurant and cafeteria with democratic prices (discount on the daily menu);
• Flexible working hours within the 38-hour week;
• Teleworking possible ;
• Holidays:
  • 26 days holiday / year from the 1st year of contract (then from 45 years: +1 day holiday every 5 years)
  • + 3 extra days-off / year of ¿service dispensation¿ offered by the department
  • + 1 week OFF every year between Christmas and New year’s Eve (independent of the annual balance of holidays).
• Advantages and interesting offers thanks to the Benefits@work card (discounts, vouchers…) ;
• Entitlement to services offered by the `Office Central d’Action Sociale et Culturelle de la Défense’ (OCASC): among others holiday centres, discount on travel organised by the tour operator…;
• Possibility of benefiting from the nursery funded by Belgian Defence (subject to availability).

Informations supplementaires

Lieu de travail Bruxelles, Belgique

Type de contrat : Travail

Autres Informations :

Application

You will be working in a military environment. That is why everyone is expected to undergo a security verification. Please add to your application the filled out document. The form can be downloaded from: http://www.rma.ac.be/nl/aanvraag-veiligheidsverificatie

Send by email:

• a motivational letter;
• a CV
• a scan of your ID card (both sides);
• the filled out security document

to Mr Thibault Debatty (t.debatty@cylab.be) and to Mrs Helena BRUYNINCKX ( erm-deao-rswo@mil.be ).

Please mention clearly the reference of the project: ¿ DAP/22-03 ¿.

Application deadline: 21 April 2023 .

The interviews will take place at the Royal Military Academy, Hobbemastraat 8, 1000 Brussels. In case of access restriction due to COVID-19 or non-Belgian application, on-line interviews will take place. The date and time of the interview will be communicated to the preselected candidates.

Workplace

• Royal Military Academy, Avenue de la Renaissance 30, 1000 Brussels;
• Occasional travels abroad for scientific conferences, etc.

Points of contact

• Concerning the research project: to Mr Thibault Debatty (t.debatty@cylab.be)
• Concerning the recruitment modalities: Mrs Helena Bruyninckx ( erm-deao-rswo@mil.be )
• For more information about the Royal Military Academy, see http://www.rma.ac.be