Role Description Cerchiamo una/un Senior Cloud Platform Engineer – Bare Metal & Platform Security per rafforzare il nostro team di Platform Engineering. Se sei una persona che va più in profondità degli altri – che sa cosa succede sotto Kubernetes, che progetta la sicurezza della piattaforma prima ancora che qualcuno la chieda – questo ruolo è fatto per te. Lavorerai su infrastrutture bare metal, ambienti ibridi e data center enterprise, portando un approccio Security-by-Design end-to-end: dalla supply chain del software all’identity, dalle policy di compliance al runtime. Impatto diretto, clienti esigenti, nessuna scorciatoia. - Progettare e gestire infrastrutture bare metal in ambienti on-premise, edge e ibridi: provisioning, networking, storage e lifecycle dei nodi fisici - Costruire e mantenere piattaforme Kubernetes su bare metal sicure by design: supply chain, policy enforcement, identity e zero trust - Essere il punto di riferimento tecnico per clienti enterprise su temi di hardening, compliance e sicurezza della piattaforma in ambienti regolamentati - Guidare attività progettuali, fare mentoring su temi di infrastruttura e sicurezza, e coordinare team tecnici cross-funzionali Qualifications - Esperienza nel provisioning e lifecycle di server fisici: IPMI/BMC, PXE boot, MAAS, Tinkerbell o strumenti equivalenti - Kubernetes su bare metal: kubeadm, k3s, Talos Linux, RKE2; gestione avanzata di networking (Cilium, Calico) e storage (Rook/Ceph, Longhorn) - Progettazione di ambienti edge e ibridi: connettività site-to-site, sincronizzazione workload, gestione di nodi remoti con risorse limitate - Hardening OS e firmware: gestione BIOS/UEFI, Secure Boot, TPM, CIS Benchmarks, immagini immutabili (Flatcar, Talos) - Osservabilità infrastrutturale: Prometheus, Grafana, Loki, Alertmanager; monitoring hardware (IPMI exporter, node exporter) - Conoscenza di ambienti industriali e edge: K3s, MicroShift, gestione flotte di nodi con Fleet o Rancher - Secrets management avanzato: HashiCorp Vault, External Secrets Operator, integrazione con HSM o KMS cloud Requirements - Supply chain security: SBOM (Syft, Grype), firma artefatti con Sigstore/Cosign, Notation; verifica dell’integrità delle immagini container - Policy & Compliance as Code: OPA/Gatekeeper, Kyverno; gestione conformità su ambienti regolamentati (ISO 27001, NIS2, SOC2) - Identity & Zero Trust: gestione PKI interna, cert-manager, SPIFFE/SPIRE, mTLS, integrazione con vault (HashiCorp Vault, Sealed Secrets) - Runtime security e threat detection: Falco, eBPF (Tetragon), audit logging, incident response su piattaforma - Esperienza su infrastrutture ibride: integrazione bare metal con ambienti AWS, Azure, GCP; networking multi-site e connettività privata - Infrastructure as Code: Terraform, Ansible, GitOps (ArgoCD, Flux); automazione provisioning bare metal con cloud-init, Kickstart o Ignition - Amministrazione avanzata Kubernetes su bare metal (CKA + CKS richiesti); esperienza con cluster multi-tenant e isolamento workload - Conoscenza Red Hat OpenShift su bare metal e/o VMware Tanzu – desiderata Benefits - Formazione continua: 1 giorno al mese dedicato alla formazione tramite l'ausilio di piattaforme dedicate - Recharging Friday (1 venerdì a trimestre retribuito) - Voce amica - Ticket Restaurant elettronici - Welfare aziendale - Lavoro in un contesto aziendale giovane, dinamico, tecnologicamente innovativo

• Build and run core security capabilities - Stand up and operate the foundations of our security stack: secure development, vulnerability management, cloud security, and security architecture. • Own our security tooling - Select, deploy, configure, and fine-tune tools across scanners and ensure they deliver actionable signals, not noise. • Embed security into engineering workflows - Partner with product and platform engineers to make “secure by default” the easiest path. Help design guardrails that support, not slow down, developer productivity. • Drive pragmatic vulnerability management - Triage and risk-assess vulnerabilities, shape remediation priorities with teams, and track progress so we’re focusing on what matters most. • Continuously improve how we operate - Refine processes, automate wherever possible, and make sure our security practices scale as the company, product, and customer base grow.

• Enable SailPoint’s Cybersecurity governance activities such as documenting policies, standards and procedures as well as assessing policy effectiveness and compliance. • Build Cybersecurity documentation, ensuring alignment with applicable laws, regulations, policies, and standards, as well as industry best practices. • Collaborate with Cybersecurity, IT and Engineering teams to manage and maintain security documentation to align with industry frameworks and overall Cybersecurity and business strategy. • Facilitate timely execution of Cybersecurity GRC team deliverables and collaborate across the different services for successful delivery. • Utilize GRC tools to manage policy content used across SailPoint. • Support internal & external Audit readiness/requests and work collaboratively with internal Compliance teams. • Support GRC services with emerging, new, and existing Cybersecurity laws, frameworks, and regulations.

Bulletproof from Worknest are looking for a new Red Team Specialist to join its growing dedicated Red Team. As a Red Team Specialist within Bulletproof you will be expected to deliver advanced simulated attack engagement to clients across numerous industries. You will be a part of every phase and aspect of Red Team delivery, from initial access to tailored impact scenarios. At Bulletproof we use a blend of cutting edge commercial and internally developed tooling to deliver our engagements. Innovation and a drive to deliver the best possible results for our clients is at the core of everything we do. You will act as one of or the sole delivery resource for Red Team engagements at Bulletproof. You will be expected to deliver, full red team engagements, purple teams, assumed breach engagements and look to achieve the required accreditations to join work on regulated projects in the future. You should be able to work independently and as part of a small team, following framework guidance and internal methodologies to deliver complex and bespoke red team engagements. Your responsibilities will include: · Delivering comprehensive red team operations by serving as the either the primary technical operator or one of a team on both threat intelligence-driven and standard adversarial engagements, where you'll be required to follow scenario execution plans, manage your resources and timelines, and make critical technical decisions that drive successful outcomes in complex, high-stakes environments. · Leverage deep technical expertise in operating systems, network architecture, and infrastructure fundamentals to execute sophisticated attack chains and navigate complex enterprise environments during red team operations. · Collaborate with external teams to deliver training and insights to enhance blue team capabilities, which requires in depth understanding of current tools and techniques, not just how to run them. · Help define, document, and continuously refine internal technical processes, service methodologies. · Contribute to ongoing tool development and research actions to help enhance our team capabilities and support the wider community where possible. · Support with various client pre-engagement interactions, including scoping activities and proposal drafting; · Provide well-written, concise, technical and non-technical reports in English; · Develop and deliver in house training where required; · Support the Marketing team with the development of content (including, but not limited to: Blogs, Social Media Posts, and Articles) to help raise the profile of Bulletproof's Penetration Testing and other services; · Support the QA process to ensure high quality client reports are delivered in accordance with applicable Service Level Agreement (SLA); · Perform formal and comprehensive penetration testing assessments if required; · Any other appropriate job duties in line with the associated skill and experience of the post holder. Skills, Experience and Qualities Required: - Be a UK citizen with a right to work in the UK, we are currently not accepting applications outside of the UK or considering visa sponsorship. - We are looking for someone to join the team and help us drive the service forward from the start, therefore a minimum of 2 years proven prior experience delivering Red Team engagements is essential. - Strong technical skills within your given specialism(s) e.g. Initial Access, EDR Bypass, Cloud Exploitation, Malware & Exploit Development etc. - Motivated, able to collaborate, work as part of a team or independently and communicate to clients clearly. - For UK operations, the ability to hold or maintain security clearance may be required - Knowledge of how modern offensive and defensive solutions are designed and deployed across different platforms; Highly Valuable Skills: - Experience operating on Red Teams within the regulated sector under frameworks such as TIBER-EU/DORA or STAR. - Strong coding abilities in your preferred language ideally C/C++, GO, Rust, or python. - Deep knowledge of C2 frameworks and supporting approaches such as operational security and extending functionality on both commercial and open-source frameworks. - Proven track record of tool development or contributions to open-source projects. - Deep technical familiarity with offensive and defensive concepts and protocols. - Extensive understanding of MITRE ATT&CK framework, and various security frameworks associated with red teaming such as TIBER-EU. Qualifications Required: Any of the following qualifications are preferred. - Recognised Red Team specific qualifications such as CCSAS/CCRTS, CRTO, CRTL, OSED, OSCE, CRTM/PACES - GXPN, GPEN, OSCP, GWAPT or similar certifications may also be considered Personal Attributes: - Excellent spoken and written communication skills with strong attention-to-detail and accuracy; - A passion for security and networks; - Analytical and problem-solving skills with a can-do attitude and the ability to think laterally; - Self-motivation with a commitment to continued development; - Ability to work independently and as part of a team; - Influencing and negotiation skills with the ability to build relationships at all levels; - Willingness to learn. Benefits: - Birthday holiday - Discounted Private Medical Insurance - Gym Membership - VITO days - X2 paid volunteer days - Enhanced Family Related Leave Pay - Standard Life Salary Sacrifice Pension - Social Events We understand that job descriptions provide only a brief overview of a role. If you would like more information, please feel free to reach out or submit an application, and we will be happy to share further details. WorkNest is an equal opportunity employer. We celebrate diversity and are committed to fostering an inclusive environment for all employees.