We are looking for someone to help us continue paving the way in applied research on cybersecure digital systems for connected products! You will join the Cybersecure Digital Systems team and have the opportunity to research new mechanisms and solutions that embed security across the entire product lifecycle—from architecture and development to operation in Cloud and IoT environments. We seek creative individuals eager to develop new cybersecurity technologies and apply them to real services and products, with the goal of building resilient and trustworthy ecosystems for sectors such as industry, energy, transportation, and healthcare. You will work on real-world projects with leading companies, combining applied research and technology transfer, and you will be able to test your developments in advanced environments equipped with specialized hardware and internationally recognized methodologies. **What we offer you:** * You will join a young, professional, and approachable team composed of colleagues with extensive track records and deep experience in the sector—where the technologies of the future are palpably present. * You will have access to highly specialized equipment in a state-of-the-art cybersecurity laboratory. * You will benefit from high-quality, ongoing technical training. * An individualized professional development plan. * A permanent Monday-to-Friday contract with flexible working hours and an exceptionally attractive calendar. * Possibility of remote work up to two days per week, plus an optional third day at one of our offices (Bilbao or Donostia) closer to your residence. **Your responsibilities will include:** * **Security of Connected Platforms (PKI, OTA, APIs):** Design of secure *device\-to\-cloud* identities (PKI, secrets, rotation) and remote update mechanisms (*OTA*) with integrity verification and controlled rollback. Protection of APIs and microservices using *OAuth2/OIDC*, *service mesh*, and *API Gateway/WAF*. * **Secure Architecture and DevSecOps:** Design of *security\-by\-design* architectures for cloud/edge/IoT environments, integrating security into CI/CD pipelines (*SAST, DAST, SCA, IaC scanning, SBOM*) and applying *policy\-as\-code* with automated controls. * **AI and Generative AI for Cybersecurity:** Development of AI-based services for anomaly detection, event correlation, and automatic remediation generation. Use of LLMs and RAG for intelligent incident analysis and *playbook* creation, incorporating control and trust mechanisms (*guardrails*, hallucination mitigation). * **Trustworthy AI and Secure AI Lifecycle:** Application of *Trustworthy AI* principles (security, privacy, transparency, robustness) and data and model governance (provenance, anonymization, version control). Securing autonomous agents (*Agentic AI*) and managing compliance evidence (*model cards*, *SBOMs*, *attestations*). **Our Ikerlan Culture** * The world was not given to us to contemplate, but to transform. * Technology is our attitude. * A living cooperative project, by all and for all. * A work philosophy committed to excellence, closeness, and autonomy. We would love for you to apply—even if you feel you don’t meet all the requirements. What matters most to us is finding authentic, responsible individuals who resonate with our mission and values—not just candidates who check every box. **To thrive in this team, you’ll need:** * Bachelor’s degree in Computer Science, Telecommunications, or related field; a Master’s in Cybersecurity or Artificial Intelligence is valued. * Knowledge of cybersecurity, secure architectures, DevSecOps, and cloud/IoT platforms. * Programming proficiency in common languages (e.g., Python, GO, Java) and experience with CI/CD environments. * Advanced English proficiency and ability to collaborate within multidisciplinary teams. * Experience in AI applied to cybersecurity, generative AI, and tools supporting a secure AI lifecycle is a plus. * A PhD is considered positively. * Strong enthusiasm for continuous learning and embracing new challenges!