PhD Candidate in software engineering for secure systems

Reference number PAR 2026/163

The University of Gothenburg tackles society’s challenges with diverse knowledge. 58 000 students and 6800 employees make the university a large and inspiring place to work and study. Strong research and attractive study programmes attract researchers and students from around the world. With new knowledge and new perspectives, the University contributes to a better future.

Doctoral positionin Doctoral student in software engineering for secure systems

The department of Computer Science and Engineering is strongly international, with approximately 300 employees from over 30 countries. The department is a fully integrated department with the University of Gothenburg and Chalmers University of Technology as principals. The department of Computer Science and Engineering is looking for a doctoral student. The position is placed in the Division for Interaction Design and Software Engineering at the department, with the University of Gothenburg as the employer.

Our division is a leader in research and education on complex, software-intensive systems, with strong international collaborations and close ties to the local industry. With around 50 researchers--including PhD candidates, postdocs, and faculty at all levels--we are one of the largest academic software engineering research groups worldwide. Our core expertise spans AI Engineering, software testing, requirements engineering, behavioral software engineering, and automotive software engineering.

General information about being a doctoral student at the University of Gothenburg can be found on the university’s doctoral student pages. 
?url=https%3A%2F%2Fwww.gu.se%2Fen%2Fdoctoral-studies&module=jobs&id=3213618" target="_blank" rel="nofollow">?url=https%3A%2F%2Fwww.gu.se%2Fen%2Fdoctoral-studies&module=jobs&id=3213618" target="_blank" rel="nofollow">https://www.gu.se/en/­doctoral-studies

Duties   

Modern software systems face fundamental challenges in managing and applying security knowledge. While regulated domains (e.g., healthcare, automotive) document security requirements using techniques like threat modeling, most projects lack explicit security requirements from the start. Even when project-specific security knowledge is documented, it is usually scattered across various documents, such as design sketches, informal notes, and code comments, with no systematic way to trace or enforce it. Static and dynamic analysis tools, though widely used, operate in isolation from this knowledge, leading to incomplete compliance checks. This challenge is amplified in ML-enabled systems, where the black-box nature of ML components makes it difficult to verify security requirements, such as confidentiality constraints.

In this Ph.D. project, you will develop an automated framework to capture, structure, and verify security knowledge throughout the software lifecycle. This framework will address the lack of explicit requirements in early development and the challenges of compliance verification in complex systems. The core technical challenge is to systematically elicit and formalize security knowledge and ensure that it remains actionable and verifiable as the system evolves. By integrating this knowledge with static and dynamic analysis, the framework will enable continuous compliance checks, especially for ML-enabled systems, where traditional methods fall short. The goal is to bridge the gap between security requirements and their implementation by combining empirical research (e.g., case studies, interviews) with tool development (e.g., static analyzers, traceability mechanisms), reducing vulnerabilities caused by overlooked or misaligned requirements.

Your responsibilities will include:

· Conducting empirical studies (e.g., systematic literature reviews, case studies, or interviews) to understand how security knowledge is documented and used in practice.

· Developing automated tools (e.g., static analyzers or traceability mechanisms) to formalize and verify security knowledge, primarily in Java, with potential use of C/C++ or Python.

· Collaborating with academic partners to refine research questions, plan research methodologies, develop solutions, and validate results.

· Publishing findings in top-tier venues (e.g., ICSE, ASE, FSE, TSE, TOSEM, EMSE) and open-sourcing all tools for community use.

This position offers the opportunity to shape the future of secure software development by creating practical solutions that ensure software systems adhere to their intended security requirements. You will work in a supportive academic environment, gaining expertise in empirical research, secure systems engineering, and tool development, while contributing to safer and more reliable software systems.

This is a five-year, full-time doctoral position, where 80% of the time is dedicated to doctoral studies (a full-time equivalent of 4 years) leading to a PhD degree.

As part of your employment as a doctoral student, you may have departmental duties corresponding to up to 20 % of full-time employment, distributed throughout your study period, and result in a corresponding extension of the studies. Departmental duties usually consist of teaching at first- and second-cycle levels, but may also include research and administration. 

Eligibility   

Doctoral education requires general eligibility and, where appropriate, specific eligibility as set out in the general syllabus for the subject.

The general eligibility requirements for doctoral studies are:

1. having completed a degree at second-cycle level, or
2. the fulfillment of course requirements totaling at least 240 credits, of which at least 60 credits must be at second-cycle level, or
3. the acquisition of equivalent knowledge in some other way, either in Sweden or abroad.

Assessment criteria   

The selection of applicants who meet the basic and specific eligibility requirements will be based on the ability to assimilate the doctoral studies.   

Therefore, it is important to include parts of your own work such as theses and articles that you have authored or co-authored. Links to software repositories with relevant projects should be included where relevant.

Fluency in English (both verbal and in writing) is mandatory. Swedish is not a requirement, but the department offers Swedish courses.

Proficiency in programming languages such as Java (primary), with potential use of C/C++ or Python, is required.

Basic understanding of security engineering principles (e.g., threat modeling, secure coding practices, or compliance frameworks like OWASP).

Awareness of challenges in ML-enabled systems (e.g., adversarial robustness, data privacy, or model interpretability) is advantageous but not required.

Experience with static/dynamic analysis tools (e.g., SonarQube, FindBugs, or custom analyzers) or model-driven engineering tools (e.g., Eclipse Modeling Framework, UML tools) is a plus.

Familiarity with software verification techniques (e.g., model checking, theorem proving) or security testing (e.g., penetration testing, fuzz testing) is beneficial.

Prior experience with industry-standard security practices or regulatory compliance (e.g., GDPR, ISO 27001) is a plus.

Admission and employment   

Once you have been admitted to doctoral studies, you will be employed as a doctoral student at the University of Gothenburg.   

The provisions for employment as a doctoral student can be found in ordinance SFS 1993:100.    

Initial employment as a doctoral student may apply for a maximum of one year, and may be renewed by a maximum of two years at a time.  

A doctoral student may be employed as a doctoral student for a maximum of eight years, but the total period of employment may not be longer than the equivalent of full-time education at doctoral level for four years.   

The University applies a local agreement on salaries for doctoral students.

Type of employment: Fixed-term employment, HF 5 kap 7§
Extent: 100% full-time
Location: Department of Computer Science and Engineering, division of Interaction Design and Software Engineering
First day of employment: 2026-09-01 or according to agreement

Please note, doctoral studies at the Department of Computer Science and Engineering require physical presence to conduct the studies. If the admitted applicant needs a residence permit for higher education to pursue studies in Sweden, the Department of Computer Science and Engineering has the right to revoke the admission decision if the applicant cannot present a valid residence permit no later than at the start of the studies.

Contact information 

Information regarding the project, please contact Sven Peldszus sven.peldszusgu.se
Information regarding the position, please contact Eric Knauss eric.knaussgu.se
Regarding the appointment procedure, please contact Jenny Lind jenny.lindcse.gu.se

Unions 

Union representatives at the University of Gothenburg can be found here:   
?url=www.gu.se%2Fom-universitetet%2Fjobba-hos-oss%2Fhjalp-for.%26h&module=jobs&id=3213618" target="_blank" rel="nofollow">?url=www.gu.se%2Fom-universitetet%2Fjobba-hos-oss%2Fhjalp-for.%26h&module=jobs&id=3213618" target="_blank" rel="nofollow">www.gu.se/om-universitetet/­jobba-hos-oss/­hjalp-for.&h p o i n t;.    

Application   

You can apply to be admitted to doctoral education via the University of Gothenburg’s recruitment portal.   

It is your responsibility to ensure that the application is complete as per this notice, and that the University receives it by the final application deadline.   

The application is to be written in English.

The application should include the following items: ?

· An application of a maximum of one A4 page summarizing your track record, outlining your research interests, and motivation for obtaining a PhD.?

· Attested copies of education certificates, including grade reports and other documents ?

· Curriculum Vitae

· Letters of recommendation and name of reference persons (preferably at least 2)

· Evidence of written work: (links to) research papers and theses ?

· Links to software repositories with relevant projects?

  

Applications must be received by: 2026-03-31

Information for International Applicants 

Choosing a career in a foreign country is a big step. Thus, to give you a general idea of what we and Gothenburg have to offer in terms of benefits and life in general for you and your family/spouse/partner please visit: 

https://www.gu.se/en/about-the-university/welcome-services 
?url=https%3A%2F%2Fwww.movetogothenburg.com%2F&module=jobs&id=3213618" target="_blank" rel="nofollow">?url=https%3A%2F%2Fwww.movetogothenburg.com%2F&module=jobs&id=3213618" target="_blank" rel="nofollow">https://www.movetogothenburg.com/  

  

The University works actively to achieve a working environment with equal conditions, and values the qualities that diversity brings to its operations.

In accordance with the National Archives of Sweden’s regulations, the University must archive application documents for two years after the appointment is filled. If you request that your documents are returned, they will be returned to you once the two years have passed. Otherwise, they will be destroyed.

In connection to this recruitment, we have already decided which recruitment channels we should use. We therefore decline further contact with vendors, recruitment and staffing companies.