Funding reference
Fondo IPCEI - Intervento Infrastrutture e servizi cloud (CIS)
D.M. di attivazione 27 giugno 2022 - D.D. di apertura 23 febbraio 2024
Prog. n. IPCEI-CL_0000007 - CUP C68H24000600006
Responsabile del Procedimento: Alessandro Dalla Torre

Tenure Track Research position in Automated Assistants for Actionable Security.
This position is partially funded by the Piano Nazionale di Ripresa e Resilienza (PNRR) initiative.

Fondazione Bruno Kessler (FBK) is a private research institution devoted to excellence in research in numerous disciplines and designated to the role of keeping the Autonomous Province of Trento in the mainstream of European and international research. Each research area is assigned to a specific research Centre, of which there are twelve totals. Information regarding the research Centres, their activities and production are available at http:/www.fbk.eu/research-centers.

In particular, the FBK Cyber Security Centre (CS) develops digital technology and cyber security to foster collaboration between the various stakeholders through a combination of IT risk management techniques (in order to develop highly innovative security solutions that will mitigate vulnerabilities and reduce the risk of attacks) as well as trust management techniques (to improve the interaction between people and technology). As part of the FBK mission, which aims to achieve results of scientific excellence and to produce an impact on society, the Center's mission is to make these techniques available to the largest number of organizations, including SMEs, which account for a substantial part of the EU economy but lack cybersecurity expertise. To this end, integrating automated cyber risk assessment support with trust management that will have the ability to produce operational suggestions to assist ICT solutions designers, developers and administrators in their daily activities is critical.

Background information and description of research projects

This position is offered within the IPCEI Next Generation Cloud Infrastructure and Services (CIS): 8ra and the FBK CAITE project.
The 8ra Initiative is a strategic European endeavour dedicated to create a resilient and scalable digital infrastructure tailored to Europe’s needs. At its core is the Important Project of Common European Interest on Next Generation Cloud Infrastructure and Services (IPCEI-CIS), bringing together 12 EU member states and about 120 industrial and research partners to drive Europe’s digital sovereignty. The main goal of IPCEI-CIS is to establish a "Multi-Provider Cloud-Edge Continuum" that operates independently of any single provider. This continuum embodies the seamless fusion of cloud and edge computing, enabling the flexible allocation of resources and applications between the cloud and the network edge. In 8RA, FBK is responsible for the project Cybersecurity & AI at the Edge (CAITE) whose aim is twofold. First, it aims to bring AI at the edge, by providing scalability and resource efficiency through the development of cooperative, distributed AI algorithms, optimising data, energy, and processing resources while adapting to the different computational environments and capabilities. Second, the project emphasises the creation of security, privacy-enhancing, and trust-aware services to ensure resilience and compliance in distributed AI-enabled applications.
Three research centers of FBK cooperate and develop CAITE: the Augmented Intelligence Center, the Center for Cybersecurity, and the Digital Society Center.
Depending on organizational needs, the selected candidate may also be involved in additional activities or projects within the Centre.

Workplace Description

The candidate will be working in the Security & Trust Research Unit (ST). ST researchers develop innovative tools for the (automatic) validation of security protocols. One such tool is TLSAssistant, which automates the security assessment of cloud infrastructures by utilizing international technical guidelines to validate and promote a secure deployment that is free of vulnerabilities and misconfigurations that might hinder the secure use of the transport layer. TLSAssistant also generates actionable reports able to guide service providers in seamlessly securing new and existing deployments. In the context of the project IPCEI-CIS, TLSAssistant will be integrated into cloud infrastructures to secure the usage of container-to-container and cloud-native transmissions. The ST research unit of FBK-CS is looking to hire a dynamic and highly motivated developer to support the aforementioned research activity. The selected figure will support research in the design and development of tools for the automatic validation of security protocols (spanning from TLS, the de facto standard for secure data transmission over networks, SSH and QUIC). The aim is to assist users in developing correct implementations and configurations, identifying vulnerabilities, and proposing countermeasures to mitigate them. The ultimate goal is to enhance the security posture of systems used worldwide.

Job Description

The purpose of FBK’s Tenure Track program is to offer high level professionals the opportunity of pursuing a structured career path in order to become a tenured researcher contributing to the long- term strategy of the organization.
Within this framework, FBK-CS is seeking a dynamic, highly motivated researcher in the field of Cyber Security with a focus on the assisted security and compliance assessment of cryptographic protocols for digital identity solutions or distributed systems based on a Zero Trust architecture. Cryptographic protocols (e.g., QUIC, OAuth/OpenID Connect, TLS) are the key enabler for digital identity solutions and the protection of data in distributed systems and cloud-edge infrastructures. For these reasons, the secure design and deployment of cryptographic protocols is a mandatory prerequisite for building trust in digital ecosystems and is an obligation shared by security practitioners, IT administrators, smart applications and users. The challenge is to deal with the complexity of the modern cryptographic protocols and application scenarios (e.g., digital identity wallets and AI agents), by eliciting the relevant requirements, the expected security properties and attacker capabilities, and by providing methodologies to (easily) specify them. The resulting approach should be able to guide users during the design and deployment of cryptographic protocols, by providing actionable hints to specify the protocols and assessing their security and compliance with regulations, contributing to proper security in different layers of the communication stack and possibly providing end-to-end protection. The position involves the design, implementation, validation and integration of innovative methodologies capable of automating both conformance and compliance assessments of secure communication protocols including those for protecting point-to-point channels or messaging applications. For instance, TLS -a suite of cryptographic protocols that ensures confidentiality and integrity among two parties communicating across an unsecure channel-is the de facto standard when it comes to securing point-to-point transmissions and its wide deployment, together with the impact misconfiguration can cause, makes its validation a key point in current infrastructures. Similar observations hold for securing protocols supporting end-to-end communication at the application level or Virtual Private Networks. Research activities will include exploring strategies for the validation of network traffic at different levels of the ISO/OSI stack, also considering the applicability of these strategies in real-time and low resource environments while guaranteeing security at the application level and support application level communication channels across cloud-edge infrastructures.

As part of the tenure-track career path, the successful candidate will also be expected to assume leadership responsibilities, supervise PhD students, and contribute to shaping the long-term research agenda of the research center.

Job responsibilities

The candidate will join the Security & Trust Research Unit of FBK-CS, and will work with partners involved in industrial collaborations or national and international research and innovation projects.

The candidate is expected to:

Conduct research and innovative activities in the broad area of Cyber Security with a focus on the assisted security and compliance assessment of cryptographic protocols in the context of cloud-edge infrastructures.
Participate in research and innovation projects, including those in the context of research and industrial collaborations with national and international bodies.
Contribute to the center's publications, with a good degree of autonomy, proposing innovative topics at the group level.
Contribute to the sustainability of the center by acquiring project funding and fostering collaborations.
Contribute to the communication and dissemination of research outputs by engaging at national and international events.
Co-advise students at Bachelor, Master, and PhD levels.

Job requirements

The ideal candidate should have:

PhD in Cybersecurity or related fields;
A relevant record of publications (related to the topic of the position) in high-impact journals and top-level conferences;
Research experience in the following topics:
- automated analysis of network security protocols;
- vulnerabilities detection and actionable mitigations in cryptographic protocols (e.g., TLS);
- analysis of security policies and conformance requirements for cryptographic protocols (e.g., VPNs);
- study of PKI and trust management models (e.g., those based on OpenID Federation);
- analysis of revocation mechanisms in the context of X.509 certificates and Digital Credentials for digital wallets (e.g., EUDI Wallet).
Intellectual autonomy, strong commitment to achieving assigned objectives, and applying research results in real-world applications;
Excellent problem-solving skills and result orientation;
Excellent verbal and written communication skills;
Good team working attitude;
Good self-organization and autonomous operation;
Language assessment according to the Common European Framework of Reference for Languages (CEFR): level of knowledge required. Knowledge of English will be verified during the interview on a technical or scientific topic and must be equal to or exceed level B2.

Additional requirements:

Teaching experience in security-related topics.
Previous experience as a speaker at national and international conferences.
Previous experience in designing and executing user studies.
Previous experience with international research projects (EU Horizon, ERC, national or industry-funded) with evidence of contribution to system design, implementation, or security evaluation.
Experience in mentoring and co-advising Bachelor, Master, and PhD students.
Previous experience with dissemination events related to cybersecurity awareness.

The Bruno Kessler Foundation invests in people’s growth and promotes a stimulating environment that values talent. Through the Talent Development Program, each participant will be engaged in a tailored experiential journey designed to enhance skills, attitudes, and aspirations. Concrete tools for professional growth will be available, including personalized assessments to understand and develop individual potential, structured career paths to help shape the future, and development strategies within a dynamic and innovative scientific environment.

Employment

Type of contract: Tenure Track contract, leading to an FBK 3rd Level Researcher (R3) permanent contract
Working hours: full-time (38 h per week)
Start date: March 2026
Duration: The duration of the Tenure Track contract will be determined by the Committee based on the scientific objectives and the assigned KPIs (at least one year, which may be reduced in accordance with the Committee assessment on the candidate's abilities and skills). The scientific objectives will be linked to IPCEI ME/CT project objectives. If the final assessment of the Tenure Track experience is positive, the selected candidate for the tenure track position will be offered a permanent R3 contract
Contract type: CCPL Research Foundation Personnel (https://trasparenza.fbk.eu/ita/Personale/Contrattazione-collettiva/Rinnovo-CCPL-delle-Fondazioni) the current gross annual remuneration is Euro 44.087,26 corresponding to a Third level Researcher
Workplace: Povo, Trento (Italy)
Benefits: flexi-time, company subsidized cafeteria or meal vouchers, internal car park, welcome office support for visa formalities and for research in accommodation, supplementary pension (Resaver, Laborfonds) and health fund (Sanifonds), family-work balance, free training courses, support on bank account opening, discount on public transport, sport, language course fees, counseling and psychological support service. More info at https://www.fbk.eu/en/work-with-us/

Interested candidates are requested to submit their application by completing the online form (https://jobs.fbk.eu/). Please make sure that your application contains the following attachments (in pdf format):

detailed CV, including a list of publications;
cover letter explaining your motivation for this specific position;
statement of Research Interests.

Application deadline: 9th December 2025

Selection process and assessment criteria

The Evaluating Committee will be appointed by the Foundation's Secretary General at the end of the application deadline.

The commission must meet the conditions provided by the guidelines PNRR and Tenure Track procedure, which consists of: an external expert to the Foundation, recognized in the technical-scientific and disciplinary fields relevant to the Call for the Tenure Track Position; the Head of the People Innovation for Research Service; the Head of Research Assessment; two of the Foundation's Center Directors engaged in the disciplinary domain related to the Call for Tenure Tracks; the Head of the Research Enhancement Special Purpose Unit, or their delegates.
The recruiting process will be handled in accordance with the “Gender and generational equal opportunities, as well as the employment inclusion of people with disabilities in public contracts financed with the resources of the PNRR and PNC” guidelines and with the Foundation's Gender Equality Plan.
The short-list shall be compiled based on the requirements set out in the call (contained in the requirements of the job description), with the support of the screening of CVs and any other required documents.
Candidates with a minimum score will be admitted to the interview phase. Shortlisted candidates must do at least one interview with the Institutional Committee.
In case of specific need, the Selection Committee can also meet remotely, by teleconference or videoconference, provided that all members can be identified and that they are able to follow and intervene in the discussion, as well as to receive, transmit and view documents.
During the evaluation step, evaluation support tools such as tests or questionnaires may be used. Furthermore, group tests and/or practical tests may be administered.

Evaluation criteria

The selection process includes two evaluation moments led by the Commission: the screening and the interview phase.
The screening process will be based on the evaluation of the qualifications and expertise that the candidate expresses on the resume. A maximum of 40 points will be allocated to this assessment phase and only candidates obtaining at least 25 points will be admitted to the interview.
The interview scores will be assigned to candidates by the Commission according to the following criteria: the presentation of their personal research profile; the knowledge about the scientific domain, the experience in working for research projects and the language skills.
A maximum of 60 points will be allocated to this assessment phase. The interview is considered as “passed” if the applicant obtains at least 45 points.
The final score will be used to generate the final suitability list for each job position.

Results of the selection process

All candidates will be notified via email once the selection process has been completed. The suitability list may be used to fill the position in case the successful candidate doesn’t accept the job offer.

At the website https://jobs.fbk.eu/ in the "Selection results" section, will be published the details of the selection process and the final results.

Diversity & Inclusion policy

FBK actively seeks diversity and promotes inclusion in the workplace. The main aims of the FBK Diversity & Inclusion policy are to:

promote gender equality across the research domains and on all levels by encouraging qualified female candidates to apply for job positions and by implementing specific improvements and measures as stated in the Gender Equality Plan (GEP)
foster young talents development by offering opportunities to grow
become a disability-inclusive organization by encouraging applications from candidates with a disability (Law 68/99). We provide special assistance to applicants during the recruitment procedure and reasonable arrangements for disabled staff
promote a healthy work-life balance by offering a package of flexible working arrangements and facilities (telework, individual working time, parental leave, etc).

The FBK operates in compliance with current legislation concerning fixed-term contracts. Candidates with disabilities are invited to state whether they belong to the categories referred to in Law 68/99, and to indicate this in the curriculum vita sent in application for recruitment.

Processing of personal data

Pursuant to art. 13 of EU Regulation No. 2016/679 (GDPR), we inform you that your personal data shall be processed for the management of the selection process and of the obligations connected to it, through manual, electronic and informatic means and will be guaranteed within privacy and security standards as indicated in the full privacy policy.

In order to ensure and respect the principles of publicity, transparency and impartiality, the name of the successful candidate and the names of suitable candidates will be published on the FBK website following acceptance of the position.

For further information, please contact the People Innovation for Research Department at jobs@fbk.eu.

Tenure Track Research position in Automated Assistants for Actionable Security. This position is partially funded by the Piano Nazionale di Ripresa e Resilienza (PNRR) initiative.