NEXTONIC: Marking its 10th anniversary, the 5TONIC laboratory embarks on a new phase to lead the development of 6G

Read more

PhD Student position in 6G location and sensing-based analytics

Read more

NEXTONIC: Marking its 10th anniversary, the 5TONIC laboratory embarks on a new phase to lead the development of 6G

Read more

PhD position in IoT Security and Privacy

Cybersecurity Group

Internet Analytics Group

Deadline for receipt of applications: November 16th, 2025 23:59 AoE (17 November 2025, 13:59h Europe/Madrid Time)

The Cybersecurity (https://networks.imdea.org/es/equipo/grupos-de-investigacion/cybersecurity-group/) and InternetAnalyticsGroups (https://networks.imdea.org/es/equipo/grupos-de-investigacion/internet-analytics-group/) led by Dr.GuillermoSuarez-Tangil (https://scholar.google.com/citations?hl=en&user=182ZkIgAAAAJ) and Dr. Narseo Vallina-Rodriguez (https://scholar.google.com/citations?hl=en&user=yOlNzfcAAAAJ) at IMDEA Networks Institute have a joint opening for one PhD student in the area of IoT Security and Privacy. 

The Ph.D. candidate will design novel methods for the detection and analysis of vulnerabilities and privacy harmful behaviours in IoT products, including side-channels arising from misuse and abuse of network protocols.  The candidate will develop and apply scalable and efficient software and firmware analysis methodologies using tools like Frida or IDA Pro, enhanced with traffic monitoring techniques and Machine Learning to detect and analyze vulnerabilities and weak/malicious actors in IoT products and their supply chain.

The candidate will make fundamental contributions to unsolved technical and research challenges, adding to the long and impactful track records of the IAG and Cybersecurity groups in the field of cybersecurity, and privacy [See bibliographic references 1-10 below]. The PhD student will have privileged access to various cutting-edge software analysis tools, and to a big data analysis platform with substantial computing resources for their processing. 

The position offers:

  • Hands-on training in scalable software/firmware analysis and reverse engineering skills 
  • A unique opportunity to work with large-scale IoT firmware and vulnerability databases
  • The opportunity to explore a research problem with massive research, societal, and industrial impact (see the new EU Cyber Resilience Act)
  • The expectation to publish at top-tier conferences such as USENIX Security, CCS, NDSS, or IMC.
  • A vibrant, collaborative, multi-cultural, and English-speaking research environment.
  • The prospect of publishing applied research at top-tier venues in cybersecurity and networking.
  • An advantageous path to a successful career in industry or academia [11].
  • The high quality of life in the region of Madrid, Spain.

The position requires:

  • A B.Sc. in Computer Science, Telecommunications Engineering, or related field, with a solid academic record. Postgraduate studies (holding an M.Sc. or being currently enrolled in one) will be a plus.
  • Good programming skills (e.g., C/C++, Java, or Python) and experience in (or an interest in working in) the area of cybersecurity while conducting practical research. 
  • Software reverse engineering (Frida, IDA Pro) and data analysis skills (e.g., R or Python) are recommended, especially in the area of static and dynamic analysis of software, binary analysis, and reverse engineering.
  • Fluency in written and spoken English, 
  • Enthusiasm for interdisciplinary research with real-world impact.

Inquiries on the position can be directed to the thesis supervisors via email, Dr. Guillermo Suarez-Tangil (guillermo.suarez-tangil “at” imdea.org) or Dr. Narseo Vallina-Rodriguez (narseo.vallina “at” imdea.org)

IMPORTANT: Please, explicitly select either Dr. Suarez-Tangil or Dr. Vallina-Rodriguez in your application to better follow up on your application.

Candidates shall submit by the call deadline a CV, a motivation letter, and the contact details of two references through the IMDEA Networks Institute hiring portal, at https://careers.networks.imdea.org/

Bibliographic References of Relevant Group Research Outputs: 

[1.] “In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes.” A. Girish, T. Hu, V. Prakash, D. J. Dubois, S. Matic, D. Huang, S. Egelman, J. Reardon, J. Tapiador, D. Choffnes, N. Vallina-Rodriguez  In Proc. of the 2023 ACM on Internet Measurement Conference, 2023.

[2.] SkillVet: Automated Traceability Analysis of Amazon Alexa Skills. J. Edu, X. Ferrer-Aran, J. Such, G. Suarez-Tangil. IEEE Trans. on Dependable and Secure Computing. 2022. 

[3.]  IoTLS: Understanding TLS Usage in Consumer IoT Devices. M. Paracha, D. Dubois, N. Vallina-Rodriguez, D. Choffnes. Proc. of the ACM IMC, 2021 

[4.]  Trouble over-the-air: An analysis of fota apps in the android ecosystem. Blázquez, E., Pastrana, S., Feal, Á., Gamba, J., Kotzias, P., Vallina-Rodriguez, N., & Tapiador, J.  IEEE Symposium on Security and Privacy (SP) 2021 

[5.] An Analysis of Pre-installed Android Software. J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador, N. Vallina-Rodriguez IEEE Symposium on S&P’20 (BEST PRACTICAL PAPER AWARD, AEPD EMILIO ACED AWARD, CNIL-INRIA PRIVACY RESEARCH AWARD)

[6.] Measuring Alexa Skill Privacy Practices Across Three Years. J. Edu, X. Ferrer-Aran, J. Such, G. Suarez-Tangil. ACM Web Conference, 2022

[7.] Exploring the security and privacy risks of chatbots in messaging services J Edu, C Mulligan, F Pierazzi, J Polakis, G Suarez-Tangil, J Such. Proc. ACM IMC 2022

[8.] 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions Systems. J. Reardon, A. Feal, P. Wijesekera, A. Elazari Bar On, N. Vallina-Rodriguez, S. Egelman. USENIX Security, 2019 (USENIX’19 DISTINGUISHED PAPER AWARD, CNIL-INRIA PRIVACY RESEARCH AWARD, AEPD EMILIO ACED)

[9.] Characterizing Linux-based malware: Findings and recent trends. Carrillo-Mondéjar, J.,, Martínez, J.L., Suarez-Tangil, G.. Future Generation Computer Systems, 2020.

[10.] Androdialysis: Analysis of android intent effectiveness in malware detection. Feizollah, A., Anuar, N. B., Salleh, R., Suarez-Tangil, G., & Furnell, S. (2017).  Computers & security, 65, 121-134

[11] https://networks.imdea.org/team/imdea-networks-team/alumni-network

This contract is part of the project PID2022-143304OB-I00 (PARASITE) funded by MCIN/AEI /10.13039/501100011033/ and by the ERDF, A way of making Europe

Equal Employment Opportunity:

IMDEA Networks Institute aims to increase the proportion of women and therefore qualified female applicants are explicitly encouraged to apply. Until a balanced ratio of men and women has been achieved at the institute, preference will be given to women if applicants have similar qualifications. IMDEA Networks Institute actively promotes diversity and equal opportunities. Applicants are not to be discriminated against in personnel selection procedures on the grounds of gender, ethnicity, religion or ideology, age, sexual orientation (anti-discrimination). People with disabilities who have the relevant qualifications are expressly invited to apply

Apply Now!
  1. Remember to select the following option: PhD: PhD Student positions [2026]
  2. Deadline for receipt of applications: November 16th, 2025 23:59 AoE (17 November 2025, 13:59h Europe/Madrid Time)
  3. If necessary choose as supervisor Guillermo SUAREZ-TANGIL, Narseo VALLINA-RODRÍGUEZ