PhD – ” SBOMs at the heart of software supply chain security” (F/M)

Job title:

PhD – ” SBOMs at the heart of software supply chain security” (F/M)

Company:

Orange

Job description

about the roleOrange Innovation brings together the research and innovation activities and expertise of the Group’s entities and countries. We work every day to ensure that Orange is recognized as an innovative operator by its customers and we create value for the Group and the Brand in each of our projects. With 720 researchers, thousands of marketers, developers, designers and data analysts, it is the expertise of our 6,000 employees that fuels this ambition every day.Orange Innovation anticipates technological breakthroughs and supports the Group’s countries and entities in making the best technological choices to meet the needs of our consumer and business customers.Within Orange Innovation, you will be integrated into the CR-BIS management of IT and Services (IT-S). The “Secure Elements & Safe Applications for Mobile Equipment” (SESAME) department brings together around forty engineers, researchers, and technicians working in the field of security elements to secure access to networks and services (e.g., payment, digital identity) and in the area of securing far-edge computing and IoT.Ready to dive into the world of SBOMs (Software Bills of Material) and the security of software supply chains? Your thesis is waiting for you!Recent regulatory requirements (NIS2, CRA, AI Act, DORA Act) have reinforced the need to understand and control the allocation of responsibilities. However, our infrastructures and software are increasingly the result of the dynamic composition of independent products supplied by various players in different fields and with several levels of delegation. This complexity hampers Orange’s ability to control its supplier chains, its commitments to its customers and its new obligations with regard to the new regulations mentioned above.As part of this PhD thesis, you will be required to solve the following scientific problems:What can we learn from SBOMs and their formalisation in the form of graphs?
Can we create metrics to better characterise/predict threats or problems of responsibility sharing/propagation (dilution, concentration, compliance with commitments, CSR impact/energy costs, exposure to the risk of penalties)?
How can SBOM data and metrics be shared without exposing intellectual property?
Can these metrics be integrated into feedback loops in self-adaptive systems?about youSkills (scientific and technical) and personal qualities required by the position

• Proficiency in programming (Python, Java, etc.) and software engineering.
• Proficiency in data analysis and modeling.
• Fluency, both written and oral, in English is essential
• Knowledge of security.
• Knowledge of SBOMs and software supply chains.
• Knowledge of platform architectures and cloud services.
• Autonomy.
• Analytical and synthetic thinking.
• Curiosity and a passion for innovation.

Education
Engineering or Master’s degree in Computing and SecurityWorking Experience (internships, …)

• Internships in computer development using multiple programming languages
• Insternships in the domain of cybersecurity
• A first experience in a Research environment is an advantage

additional information

• The PhD thesis topic focuses on a key and trending area of security, in a context where European cybersecurity regulations are evolving and significant challenges regarding sovereignty and the security of supply chains are emerging.
• You will benefit from a stimulating work environment conducive to innovation and research.
• Opportunities for continuous training and professional development will be offered to enhance your skills.
• There will be opportunities for publication in scientific journals, as well as collaborations with our academic and industrial partners in an international environment.
• You will also have collaborations and visibility within the Orange Security expert community.

departmentOrange Innovation brings together the research and innovation activities and expertise of the Group’s entities and countries. We work every day to ensure that Orange is recognized as an innovative operator by its customers and we create value for the Group and the Brand in each of our projects. With 720 researchers, thousands of marketers, developers, designers and data analysts, it is the expertise of our 6,000 employees that fuels this ambition every day.Orange Innovation anticipates technological breakthroughs and supports the Group’s countries and entities in making the best technological choices to meet the needs of our consumer and business customers.Within Orange Innovation, you will be integrated into the CR-BIS management of IT and Services (IT-S). The “Secure Elements & Safe Applications for Mobile Equipment” (SESAME) department brings together around forty engineers, researchers, and technicians working in the field of security elements to secure access to networks and services (e.g., payment, digital identity) and in the area of securing far-edge computing and IoT.contractThesis

Expected salary

Location

Caen, Calvados

Job date

Thu, 03 Apr 2025 22:22:08 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (vacanciesin.eu) you saw this job posting.