• Working independently and collaboratively with a team to both lead and support • Perform penetration testing on applications with complex technology stacks from both a blackbox and whitebox perspective. • Dynamically flex your skills when assessing emerging or custom technologies. • Contextualize vulnerabilities and assess realistic impact to a client accounting for mitigating and aggravating factors. • Manage priorities and tasks to achieve utilization targets. • Operate with professionalism both internally and with clients. • Ensure quality reports and services are delivered efficiently and on time. • Maintains strong depth of knowledge in the practice area. • Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.

• Working independently and collaboratively with a team to both lead and support • Perform penetration testing on applications with complex technology stacks from both a: • Blackbox perspective • Whitebox perspective • Dynamically flex your skills when assessing emerging or custom technologies. • Contextualize vulnerabilities and assess realistic impact to a client accounting for mitigating and aggravating factors. • Manage priorities and tasks to achieve utilization targets. • Operate with professionalism both internally and with clients. • Ensure quality reports and services are delivered efficiently and on time. • Maintains strong depth of knowledge in the practice area. • Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.

• Lead the security of Alpen’s cloud infrastructure, production systems, internal platforms, and operational environments. • Design, implement, and maintain security controls across AWS and cloud-native infrastructure. • Lead infrastructure hardening initiatives across servers, containers, Kubernetes clusters, and cloud services. • Drive identity and access management programs, including least-privilege access, RBAC, privileged access management, and secrets management. • Own vulnerability management processes, remediation programs, and infrastructure security reviews. • Build and improve security monitoring, detection engineering, alerting, and incident response capabilities. • Investigate security incidents, conduct root-cause analysis, and lead response and recovery efforts. • Develop and maintain incident response playbooks, operational procedures, and security runbooks. • Partner with engineering teams to secure CI/CD pipelines, deployment workflows, and developer platforms. • Review infrastructure architecture and operational changes to identify and mitigate security risks. • Automate security controls and integrate security tooling into engineering workflows. • Conduct threat modeling and architecture reviews for infrastructure and platform services. • Support endpoint security, device management, vendor security assessments, and internal security initiatives. • Establish security metrics, reporting, and visibility into operational risk across the organization. • Collaborate effectively within a globally distributed team.

• Assessment di conformità e gap analysis rispetto a normative e framework (NIS 2,DORA, GDPR, CRA, FNCS, ACN Determinazioni 2024-2025) • Implementazione di SGSI e modelli di gestione secondo ISO 27001, ISO 27002, ISO27005, ISO 22301 • Supporto al CISO e alle funzioni aziendali di sicurezza nella definizione di policy, processi e controlli • Attività di virtual CISO, risk management, compliance management e advisory su progetti di cyber governance • Supporto alla preparazione di accreditamenti e verifiche ACN (Cloud PA, QC1, PNCS, NIS 2) • Redazione di documentazione tecnico-organizzativa (procedure, registri, piani, report, autodichiarazioni di rischio)