PhD Position: Trustworthy Authorization & Compliance

Are you excited about building cybersecurity platforms that are secure, explainable, and compliant by design? Do you want to combine real-time authorization, distributed ledgers, and verifiable credentials with ethics- and regulation-aware engineering? Would you enjoy turning cutting-edge research into practical capabilities for essential service providers across Europe? If so, join us for an exciting PhD opportunity.

Challenge: Design a just-in-time authorization and usage control stack that reacts to dynamic risk signals while guaranteeing legality, privacy, and ethical safeguards across organizations.

Change: Operationalize DLT-backed policies, smart contracts, and verifiable credentials to enforce context-aware access and provenance in the experimentation laboratory.

Impact: Help essential entities meet NIS2, GDPR, and related obligations, reducing cyber risk while increasing transparency, trust, and auditability.

Job description

Within the EU CIPHER project, an experimentation laboratory where essential service providers can assess and strengthen cyber-resilience, your PhD will unite two strands: (i) ethics- and regulation-aware engineering that turns EU frameworks into concrete design requirements, and (ii) just-in-time authorization that enforces real-time, risk-adaptive usage control across organizations. You will design a usage-control pipeline that evaluates every data request against dynamic context, encodes policies as smart contracts on blockchain for transparent, tamper-evident enforcement, and integrates verifiable credentials for cross-border trust. Coupled with a Security Response Manager, the system adapts permissions on the fly. You will also develop compliance-aware guidance and tooling, link authorization to regulatory duties via a checker, and ensure provenance and lifecycle metadata for auditability and continuous monitoring.

The research is hands-on and evaluative. You will deploy your methods in realistic cyber-range scenarios and sectoral use cases (e.g., transport, telecommunications, water), demonstrating end-to-end workflows from risk monitoring to authorization and compliance reporting. Throughout the project, you will collaborate closely with cybersecurity engineers, legal/ethics experts, and industry partners; co-supervise master’s students where appropriate; and publish your results at leading venues in security, distributed systems, and responsible/regulated AI   

Job requirements

• MSc in Computer Science, Computer/Software Engineering, or a closely related field.
• Proven skills in access control/usage control (e.g. ABAC/UCON/RBAC) and Blockchain Hyperledger Fabric, Indy, Besu.
• Solid programming ability (Python, Go, Java, Solidity, TypeScript) and software engineering practices.
• Interest or experience with research collaboration with other researchers and external stakeholders as a team player.
• High motivation and a curious and critical mindset.

TU Delft (Delft University of Technology)

Delft University of Technology is built on strong foundations. As creators of the world-famous Dutch waterworks and pioneers in biotech, TU Delft is a top international university combining science, engineering and design. It delivers world class results in education, research and innovation to address challenges in the areas of energy, climate, mobility, health and digital society. For generations, our engineers have proven to be entrepreneurial problem-solvers, both in business and in a social context.

At TU Delft we embrace diversity as one of our core values and we actively engage to be a university where you feel at home and can flourish. We value different perspectives and qualities. We believe this makes our work more innovative, the TU Delft community more vibrant and the world more just. Together, we imagine, invent and create solutions using technology to have a positive impact on a global scale. That is why we invite you to apply. Your application will receive fair consideration.

Challenge. Change. Impact

Faculty Technology, Policy & Management

The Faculty of TPM provides an important contribution to solving complex technical-social issues, such as energy transition, mobility, digitalisation, water management and (cyber) security. TPM does this with its excellent education and research at the intersection of technology, society and policy. We combine insights from both engineering and social sciences as well as the humanities. TPM develops robust models and designs, is internationally oriented and has an extensive network of knowledge institutions, companies, social organisations and governments.
Click here to go to the website of the Faculty of Technology, Policy and Management.

Conditions of employment 
Doctoral candidates will be offered a 4-year period of employment in principle, but in the form of 2 employment contracts. An initial 1,5 year contract with an official go/no go progress assessment within 15 months. Followed by an additional contract for the remaining 2,5 years assuming everything goes well and performance requirements are met.

Salary and benefits are in accordance with the Collective Labour Agreement for Dutch Universities, increasing from €3059 - €3881 gross per month, from the first year to the fourth year based on a fulltime contract (38 hours), plus 8% holiday allowance and an end-of-year bonus of 8.3%.  

As a PhD candidate you will be enrolled in the TU Delft Graduate School. The TU Delft Graduate School provides an inspiring research environment with an excellent team of supervisors, academic staff and a mentor. The Doctoral Education Programme is aimed at developing your transferable, discipline-related and research skills. 

The TU Delft offers a customisable compensation package, discounts on health insurance, and a monthly work costs contribution. Flexible work schedules can be arranged.  

Will you need to relocate to the Netherlands for this job? TU Delft is committed to make your move as smooth as possible! The HR unit, Coming to Delft Service, offers information on their website to help you prepare your relocation. In addition, Coming to Delft Service organises events to help you settle in the Netherlands, and expand your (social) network in Delft. A Dual Career Programme is available, to support your accompanying partner with their job search in the Netherlands.  

Additional information

For more information about this vacancy, please contact dr. ir. Marcela Tuler de Oliveira (M.TulerdeOliveira@tudelft.nl) or dr. Carlos Hernandez Ganan (C.HernandezGanan@tudelft.nl)

For more information about the application procedure, please contact the HR-advisor (recruitment-tbm@tudelft.nl). 

Application procedure
Are you interested in this vacancy? Please apply no later than 3 December 2025 via the application button and upload the following documents:

• Your detailed CV, including a list of publications, the title of your thesis, and contact details of two references.
• A motivational letter.
• Abstract of your MSc thesis or a paper that you have written in which you demonstrate your writing (and scientific) skills.

You can address your application to Marcela Tuler de Oliveira and Jolien Ubacht.

Doing a PhD at TU Delft requires English proficiency at a certain level to ensure that the candidate is able to communicate and interact well, participate in English-taught Doctoral Education courses, and write scientific articles and a final thesis. For more details please check the Graduate Schools Admission Requirements. 

Please note:

• You can apply online. We will not process applications sent by email and/or post. 
• As part of knowledge security, TU Delft conducts a risk assessment during the recruitment of personnel. We do this, among other things, to prevent the unwanted transfer of sensitive knowledge and technology. The assessment is based on information provided by the candidates themselves, such as their motivation letter and CV, and takes place at the final stages of the selection process. When the outcome of the assessment is negative, the candidate will be informed. The processing of personal data in the context of the risk assessment is carried out on the legal basis of the GDPR: performing a public task in the public interest. You can find more information about this assessment on our website about knowledge security.
• Please do not contact us for unsolicited services