INTERN - Cybersecurity Research Intern

Cybersecurity Research Intern (Graduate)

Job Title: Cybersecurity Research Intern (Graduate)

Brief Description:

This internship offers a unique opportunity to work at the intersection of cybersecurity, healthcare, and medical device security, contributing to advanced research in a collaborative international environment. This intern will be paid a monthly allowance of SGD 1500.

Campus Location: CREATE Tower, 1 CREATE Way, Singapore

Duration: 3 – 6 months

Key Responsibilities

• Assist in the development and implementation of security assessment tools for medical devices
• Use industry-standard tools for vulnerability analysis, penetration testing, and security intelligence
• Collaborate with the team on software composition analysis and automated security testing
• Analyze and interpret security data to enhance medical device protection
• Document research findings and contribute to presentations and publications

Requirements

• Education: Bachelor's degree in Computer Science, Computer Engineering, Informatics or a related field; preferably from a reputable university.
• Background: Strong foundation in cybersecurity concepts.
• Programming: Proficiency in Python or equivalent languages.
• Self-Learning & Problem-Solving: We do not teach coding; candidates must be either capable of solving complex programming/software engineering tasks, or should be able and willing to independently learn and apply advanced programming skills to complete these tasks.
• Experience: At least one of the following:
• data crawling and mining,
• performing security tasks (such as pen-testing)
• using LLMs to solve problems (e.g. prompt engineering)
• Desirable Skills:
• Knowledge of firmware security and binary analysis.
• Web development (front-end or back-end) experience.
• Familiarity with automation scripting.

Potential Topics for Internship

1. Open-Source Software & Vulnerability Data Processing

Abstract: The evolution of personalized healthcare depends on secure and robust medical devices that are protected against known vulnerabilities. This project focuses on developing automated tools for collecting, cleaning, and labeling open-source software and vulnerability data specific to medical devices. The research will incorporate web crawlers and LLMs to automate data processing and determine medical relevance, contributing to a comprehensive vulnerability database for healthcare technologies.

2. Security Intelligence System Development

Abstract: The increasing connectivity of medical devices highlights the critical need for comprehensive security intelligence systems. This project will focus on collecting and processing malware, APT, and other security intelligence data relevant to medical devices. The research will explore methods for integrating security intelligence with open-source vulnerability data, using LLMs for data cleaning and clustering, implementing incremental update logic, and developing an intuitive web portal for displaying security insights.

3. Medical Data Binary/Firmware Analysis

Abstract: As medical devices become increasingly sophisticated, understanding their firmware security becomes crucial. This project focuses on collecting and organizing medical-related binary firmware data and conducting comprehensive security analysis. The research will develop methodologies for systematic firmware assessment and vulnerability detection in medical device software.

4. SCA Framework Development

Abstract: Software Composition Analysis (SCA) is vital for understanding and securing medical device software ecosystems. This project involves maintaining and enhancing an existing SCA framework, including front-end UI improvements, bug fixes, feature updates, and back-end optimization. The research will focus on developing efficient algorithms and server-side implementations to strengthen medical device security assessment capabilities.

5. Automated Penetration Testing

Abstract: Comprehensive security assessment of medical devices requires robust automated testing capabilities. This project will focus on automating existing penetration testing tools to achieve full automation, testing security tools on medical devices and networks, and developing user-friendly interfaces for automation tools. The research aims to create standardized, repeatable security assessment methodologies for medical device ecosystems.

6. Risk Mitigation Strategies

Abstract: Identifying vulnerabilities is only the first step in securing medical devices. This project focuses on developing comprehensive risk mitigation strategies for vulnerabilities identified through SCA or penetration testing. The research will include implementing monitoring algorithms for risk assessment and creating actionable security recommendations for medical device manufacturers and healthcare providers.

The successful candidates will join the research programme which represents a collaboration between the United Kingdom and Singapore and will be based at the newly established Imperial Global Singapore (IGS) housed within the unique CREATE campus.

IN-CYPHER, the inaugural research program of IGS in collaboration with NTU, addresses the growing connectivity of medical devices and their associated data. While these advancements enhance device performance, they also pose security challenges. IN-CYPHER focuses on security, privacy, and trust in healthcare technologies through four themes:

1. Protecting Implantable Active Devices
2. Securing Connected Wearables and Healthcare Systems
3. Algorithms for Security, Privacy, and Provenance
4. Clinical Innovation & Translation

For more information visit: Imperial/NTU CYber Protection for HEalthcaRe (IN-CYPHER) research programme

To apply

Please submit your CV and a brief cover letter below. The cover letter should highlight your expereince and intersts.

Questions about the recruitment process, should go to Paige Noyce, Associate Director [email protected].