Dynamic Binary Analysis, Symbolic and Concolic Execution, Hybrid Fuzzing, Cybersecurity

Department
Date
10-2025
Reference
Engineer/PostDoc Position M/F (Ref: SN/AF/Fuzz/102025)

The primary technical goal of this position is to participate in the maturation of EURECOM's academic research tools for hybrid fuzzing. The core technology stack includes SymQEMU, SymCC, and LibAFL/LibAFL-QEMU. These tools perform hybrid fuzzing, using concolic execution to incrementally increase coverage and discover new program paths and vulnerabilities.

The Research Engineer will operate as a low-level developer and CI/CD expert focused on transitioning this research towards a reliable, high-performance, and flexible commercial prototype.

Key technical responsibilities will include:

Tool Maturation and Reliability (SymQEMU/SymCC): Software development to enhance the performance, reliability, and flexibility of the fuzzing tools, addressing the additional development effort required for industrialization.

Regression Testing and Quality Assurance (QA): Fix issues and add test cases, documentation, new examples and demos. Implement and enhance robust Continuous Integration/Continuous Deployment (CI/CD) environments and sophisticated regression test suites.

Concolic Engine Integrity: Specifically address and prevent issues like the silent concretization of values within the concolic engine, to generate better test cases.

Performance Enhancement Integration: Contribute to the low-level integration of advanced performance technologies, notably Intel PT (Processor Trace), into the LibAFL and SymQEMU frameworks to optimize execution analysis.

Industrial Integration Support: Collaborate with partner companies with the goal of making SymQEMU accessible to non-experts (i.e., users without technical expertise in programming or DevSecOps) by supporting its optimized deployment.

Requirements

Education Level / Degree: Engineering degree / Master's degree (BAC+5/6) or PhD in a related field.

Field / specialty: Cybersecurity, System Security, Binary Analysis, or Low-Level Development, Rust.

Technologies: Direct experience with, or motivation to learn, fuzzing, symbolic execution, QEMU, or LibAFL is highly appreciated. Expertise in low-level development, regression testing, and Continuous Integration/Continuous Deployment (CI/CD) environments is crucial.

Other skills / specialties: Ability to work in an international and multicultural research environment. Strong team spirit is sought.

Application

The application must include:

  • Detailed curriculum
  • If possible, list of publications specifying the three most important publications, or links to software projects or reports
  • Motivation letter
  • References if available

Applications should be submitted by e-mail to secretariat@eurecom.fr with the reference: SN/AF/Fuzz/102025

Start date: ASAP
Duration: Fixed Term Contract up to 18 months
