LIST is looking for a highly motivated candidate with proven skills in healing the security issues that befall modern software during its development lifecycle, to work on a three-year research project funded by the EC. The recently introduced area of DevSecOps, in medium to large companies, unfortunately lacks automated security tools, and most existing solutions target only one narrow step of the software development lifecycle (SDLC) while missing a much-needed holistic overview of the global security solution. In this context, the LAZARUS project innovates by intervening in multiple steps of the SDLC, performing targeted security checks, collecting valuable information and intelligence from each step, and exploiting advanced ML and AI methods to convert this intelligence into actionable insights and recommendations. The specific missions of the candidate will include, but are not limited to, participating in the following activities alongside the project partners:
(1) To predict software security defects before deployment and prevent security breaches.
(2) To develop a set of algorithms that allow quantifying software exploitability and facilitate the work of correcting its errors.
(3) To develop and apply new model-checking techniques to verify the security of software.
(4) To specify and develop two workflow-disruptive techniques which leverage trusted Intel SGX enclaves, but with the lowest impact on the software lifecycle and on its performance.
(5) To implement and test the developed solutions.
(6) To develop ex-ante information security policies for the demonstration and implement periodic reviews to objectively evaluate adherence to the policies.