A leading research position is available focused on investigating DevSecOps and AI integration in secure software systems. The role emphasizes developing new techniques for secure software engineering and addressing modern cybersecurity challenges in cloud-native applications.
Organisation/Company: Fondazione Bruno Kessler
Research Field: Other
Researcher Profile: Other
Profession: Positions: PhD Positions
Country: Italy
Application Deadline: 26 Aug 2025 - 16:00 (Europe/Rome)
Type of Contract: Temporary
Job Status: Full-time
Is the job funded through the EU Research Framework Programme? Not funded by an EU programme
Is the Job related to staff position within a Research Infrastructure? No
Software Systems are continuously and rapidly evolving, requiring engineers to address new, increasingly complex and multi-dimensional aspects. These include, for example, the integration of Artificial Intelligence (AI), compliance with new and evolving EU Regulations (e.g., EU AI Act, NIS2, GDPR), and ensuring that systems are secure, ethical and trustworthy.
To meet these demands, current practices in Secure Software Engineering and DevSecOps (Development, Security, and Operations) must be extended to address these new challenges. This is especially true of DevSecOps for Cloud Native Applications, where the attack surface spans multiple layers (e.g., code, container, deployment, orchestrator). "The purpose and intent of DevSecOps is to build on the mindset that everyone is responsible for security with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the safety required", describes Shannon Lietz, co-author of the "DevSecOps Manifesto".
DevSecOps is an approach to automating the integration of cybersecurity processes at every phase of the software development lifecycle, from initial design through integration, testing, deployment, and software delivery. It represents a natural and necessary evolution in the way development organizations approach security. For Cloud Native Applications, security concerns multiple levels (code, container, deployment, orchestrator, etc.), and the approach to introducing security should consider all of them.
In this context, the thesis aims to investigate one or more of the following topics: Securing and Monitoring the Software Supply Chain in the SDLC; Development of novel techniques for Secure Software Engineering; Application of AI to DevSecOps as support for configuration, diagnosing and resolving problems, or compliance with Regulations (EU AI Act, NIS2, GDPR, NIST, etc.); Development of Trustworthy and Transparent Software Systems.