Job description
We are in an age of regular news stories about vulnerabilities in organizations' IT being exploited for theft of customer data or injection of malware and ransomware. The costs seem to be rising, yet organizations still do not appear to be patching their IT systems and keeping software up to date.
The reality is that organizations face a painful dilemma: patch too soon and incur potential downtime and failures; patch too late and get compromised by attacks. As a result, organizations take a long time to patch even critical security vulnerabilities. The way to get out of this catch-22 is to radically change the risk governance of patching. That is the objective of the NWO-funded THESEUS project: https://www.project-theseus.nl/
In this project, we work with real-world partner organizations, such as KLM-AirFrance, Rijkswaterstaat, City of Amsterdam, City of The Hague, KPN, and the National Cyber Security Center. We engage with risk management and patch management professionals to understand the challenges they face. We will also engage with organization decision-makers and the wider workforce to rationalize their perspective on the benefits and disruptions of keeping systems patched in a timely manner. This work will complement efforts at partner universities to explore automatic vulnerability and patch triaging, risk profiling, and legal instruments such as incentive mechanisms.
We are looking for a motivated researcher interested in collecting and analyzing various types of data from within the partner organizations—such as interviews, surveys, ticketing systems, and incident logs—to understand the organizational and technical practices around patching.
Your PhD, degree(s) and experiences could be from social science or an interdisciplinary program, but also from information systems, telecommunications or computer science. You could have a background in social and organizational research and be willing to learn about the technical factors at play. Or vice versa: you could be a technically trained person with an interest in the social aspects. You would work in close collaboration with researchers from computer science and social science disciplines.
The researcher will be part of an interdisciplinary team of over 20 scientists who jointly research cybersecurity issues. The team consists of people from different disciplines, countries, and backgrounds. Your project also offers the unique opportunity to collaborate with real-world companies in government, healthcare, and various other sectors, within which we, for example, would work closely with security managers and IT management teams. We also work with government organizations and leading solutions providers who are developing policies and practices for organizations. The candidate will have the opportunity to present their work at international conferences, to conduct research abroad and to collaborate with the world's leading researchers working towards a secure digital future.
Job requirements
Required:
- In possession of a PhD or equivalent in a social science / behavioural science / organisational science, or in a field investigating the human aspects of information security (which can include some areas of information systems or computer science).
- English language skills
- Dutch is a plus because we will conduct interviews with employees of Dutch organizations
- Good academic writing skills and excellent communication skills
- Being able to organize your work independently
- Curious and critical mind
- Can work together in an interdisciplinary team
TU Delft (Delft University of Technology)
Delft University of Technology is built on strong foundations. As creators of the world-famous Dutch waterworks and pioneers in biotech, TU Delft is a top international university combining science, engineering and design. It delivers world class results in education, research and innovation to address challenges in the areas of energy, climate, mobility, health and digital society. For generations, our engineers have proven to be entrepreneurial problem-solvers, both in business and in a social context.
At TU Delft we embrace diversity as one of our core values and we actively engage to be a university where you feel at home and can flourish. We value different perspectives and qualities. We believe this makes our work more innovative, the TU Delft community more vibrant and the world more just. Together, we imagine, invent and create solutions using technology to have a positive impact on a global scale. That is why we invite you to apply. Your application will receive fair consideration.
Challenge. Change. Impact!
Faculty Technology, Policy and Management
The Faculty of TPM provides an important contribution to solving complex technical-social issues, such as energy transition, mobility, digitalisation, water management and (cyber) security. TPM does this with its excellent education and research at the intersection of technology, society and policy. We combine insights from both engineering and social sciences as well as the humanities. TPM develops robust models and designs, is internationally oriented and has an extensive network of knowledge institutions, companies, social organisations and governments.
Conditions of employment
- Duration of contract is until 31 March 2026. Temporary.
- A job of 38-40 hours per week.
- Salary and benefits are in accordance with the Collective Labour Agreement for Dutch Universities.
- An excellent pension scheme via the ABP.
- The possibility to compile an individual employment package every year.
- Discount with health insurers on supplemental packages.
- Flexible working week.
- Every year, 232 leave hours (at 38 hours). You can also sell or buy additional leave hours via the individual choice budget.
- Plenty of opportunities for education, training and courses.
- Partially paid parental leave
- Attention for working healthy and energetically with the vitality program.
Will you need to relocate to the Netherlands for this job? TU Delft is committed to making your move as smooth as possible! The HR unit, Coming to Delft Service, offers information on their website to help you prepare your relocation. In addition, Coming to Delft Service organises events to help you settle in the Netherlands and expand your (social) network in Delft. A Dual Career Programme is available to support your accompanying partner with their job search in the Netherlands.
Additional information
For more information about these vacancies, feel free to contact Dr. Simon Parkin (s.e.parkin@tudelft.nl) and/or prof.dr. Michel van Eeten (m.j.g.vaneeten@tudelft.nl).
Application procedure
Are you interested in this vacancy? Please apply no later than 1 June 2026 via the application button and upload the following documents:
- A cover letter explaining your personal motivation in pursuing a postdoc position, including how you see the postdoc position fitting into your career trajectory.
- A CV, which should include details of your eligibility.
- Diploma and transcripts of records (BSc, MSc, and PhD).
- Other information for consideration, e.g., PhD thesis, master thesis, scientific publications, professional or popular science writing.
You can address your application to prof.dr. Michel van Eeten and/or Dr. Simon Parkin.
Please note:
- You can apply online. We will not process applications sent by email and/or post.
- As part of knowledge security, TU Delft conducts a risk assessment during the recruitment of personnel. We do this, among other things, to prevent the unwanted transfer of sensitive knowledge and technology. The assessment is based on information provided by the candidates themselves, such as their motivation letter and CV, and takes place at the final stages of the selection process. When the outcome of the assessment is negative, the candidate will be informed. The processing of personal data in the context of the risk assessment is carried out on the legal basis of the GDPR: performing a public task in the public interest. You can find more information about this assessment on our website about knowledge security.
- Please do not contact us for unsolicited services.