UCL InfoSec is Hiring! Info and FAQs

We’re hiring!

We have two faculty positions open, with application deadline 14 November 2021. We seek applicants with expertise that complements or builds on our current strengths, including but not limited to: human factors in security, systems/network security, cybercrime, embedded systems security, cryptography, software security.

Note: we won’t be asking applicants to submit or request reference letters at the time of applications. We will do so only for candidates that are shortlisted for one or more interviews via Zoom/MS Teams. However, please do enter the names/contact details of your reference in the application portal, so we can easily ask them to provide letters for shortlisted candidates.

On this page, I am putting together some unofficial/informal FAQs to provide more information about our “ecosystem.” Caveat Emptor: these are not UCL/HR official guidelines but my personal opinions based on my own experience; you should treat them as such.

Here’s the link to the application page.


1. What is the standard teaching load?

We have two teaching terms (10 weeks plus 1 week break in the middle); ballpark, everyone teaches 1 class per term, but that might vary, e.g., based on the “size” of the class. Some classes are co-taught. Junior faculty often get reduced teaching load for the first 1-2 years. No or reduced teaching is common for grants like ERC or certain fellowships. We also have (paid) sabbaticals of course – 1 term “off” every 3 years.

In addition, we supervise undergrad students for their final year projects and masters students for their summer project (also see 4. below), and serve as personal tutors for a few students a year.

2. Do you follow a specific Research/Teaching/Admin split (e.g. 50/40/10)?

We don’t enforce an “official” split. Personally, I believe our group does world-leading research, so research definitely is and very likely will continue to be a top priority for us. See 1. for teaching and 3. for admin.

3. What is the admin load?

A big, successful department like ours cannot function well unless everybody pitches in. So everyone should do something (duh). Personally, I think it’s best when people find what they feel they can do most productively or passionately, and take charge of that.

Examples include: directing or doing the admissions for our MSc in Information Security, sitting in or leading some departmental committee, leading extra-curriculum activities for/with our students, etc. To be quite honest, the load is pretty low overall.

4. What about summers?

We are paid and have some “duties” all year round. The teaching terms are October-December and January-March. Between late April and early June, there is an exam session for classes of both terms.

June-September is dedicated to master’s projects supervision, although you can usually do that remotely, e.g., if you wish to spend your summer visiting another university or lab, etc. (modulo visa requirements/restrictions).

5. Are faculty positions tenure-track?

No. UCL doesn’t have a tenure track. We have three “levels”: Lecturer, Associate Professor, and (Full) Professor. All have the same “job description.” You can think of Lecturer as the equivalent of Assistant Professor, although with no tenure review.

Most posts, at all levels, have a 1 to 3 years “probation” period, which means faculty could theoretically be dismissed if they repeatedly fail to meet basic objectives. Probation is not even remotely comparable to a tenure review process. E.g., there is no package to submit, or letters. Put quite simply, if we hire you, you should not be worried about it :)

6. How much do you pay?

UCL’s pay scales are public. Associate Profs are appointed at Grade 9, Lecturers (typically) at Grade 8. Pay, spine points, etc. are usually negotiated with the Head of Department. Full Professors are on a banding structure.

You can estimate your take-home pay using websites like thesalarycalculator.co.uk. Note that our pension contributions are now 9.8% pre-tax (sigh), so make sure to keep that into account.

7. Do you offer a start-up package?

Again, this is to be negotiated, but typically, yes, you can expect some “seed” funding for some equipment, travel, and student support.

8. How do you get promoted?

We have a transparent (yearly) process. I think the best way to get an idea of what it takes to get promoted is to look at what “level” people in your area are and compare somewhat. Overall, IMHO our new process works pretty well.

9. Where can I find more information about UCL?

Besides https://www.ucl.ac.uk/about/, I think the UCL HR Pay & Benefits page is a really good resource.

10. What is the Information Security Research (UCL ISec) group? Is it like a department? You are the Head of Group, will you be, like, my boss?

UCL’s CS Department is huge – there are more than 100 academic staff according to this list (and I don’t think that’s up to date). So, we are organized in about a dozen research groups, which roughly reflect shared research interests. This helps, or at least is supposed to, scale up logistics.

As Head of Group, I am nobody’s boss (although I usually am their “line manager,” so I might need to occasionally sign some things) but I represent the group in several meetings (including promotion and hiring committees), and help coordinate a few organizational and strategic things. You can think of me as an interface to the rest of the department and to “management” (Head of Department, Dean of the Faculty, etc.)

11. Who does security at UCL and how is security research “organized”?

The Information Security Research Group (see home page) includes the following faculty:

There are also a number of excellent people doing security research in other groups in CS, or even in other departments; see https://www.ucl.ac.uk/cybersecurity-centre-of-excellence/ for a non-exhaustive list.

Security-related activities we are part of include:

  • Academic Centre of Excellence in Cybersecurity-Research (ACE-CSR)
  • Centre for Doctoral Training in Cybersecurity (CDT InfoSec), which covers about 10 fully-funded studentships at year for PhD students to work on interdisciplinary aspects of security
  • Security Science Doctoral Training Centre (SECReT)
  • MSc Degree in Information Security (MSc InfoSec)
  • Science of Cyber Security Research Institute (RISCS)
  • National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN)
  • The International Data-driven Research for Advanced Modeling and Analysis (iDRAMA Lab)
  • Systems Security Research Lab (S2Lab)

12. Sorry what exactly is the Academic Centre of Excellence?

UCL as a university is recognized as an Academic Centre of Excellence in Cybersecurity Research (ACE-CSR) by the UK Government. In their own words, part of the goal in recognising the centres is “to encourage collaboration, enhancing the UK’s knowledge base providing top-quality graduate training, supporting the National Cyber Security Centre (NCSC) and driving up the level of innovation.”

Basically, the ACE-CSR is sort of a meta-lab that includes all academics doing security research at UCL, and facilitates activities, events, dedicated funding opportunities, etc.

13. How do I apply?