Threat Analyst - Poland
The Threat Analyst leads proactive hunting and adversary profiling across IT/OT environments. They translate intelligence into detections to protect sovereign AI and mission-critical clients.
Company Description
Sovereign AI is an AI infrastructure and solutions provider building the next generation of sovereign-grade AI data centres across EMEA. Designed for resilience, security, and scale, Sovereign AI enables commercial and government customers to deploy advanced AI with confidence in environments where performance, reliability, and compliance are non-negotiable. Focused on regulated and mission-critical sectors including Government, Defence, Healthcare, and Financial Services, Sovereign AI is creating the trusted foundations for AI adoption at scale, combining robust infrastructure with disciplined governance to support long-term innovation and national-level capability.
What you'll be doing
Conduct hypothesis-driven hunts across IT and OT environments to identify adversary activity using telemetry from SIEM, EDR, and network sources.
Analyse external and internal feeds, IOCs, and TTPs to identify threats relevant to Sovereign AI’s sector and customer base.
Provide contextual intelligence and adversary insights to SOC analysts to ensure alerts are triaged with reference to current threat behavior.
Partner with Security Content Engineers to translate intelligence into actionable detections and purple-team use cases.
Track campaigns targeting Government, Defence, Healthcare, and Financial Services, including nation-state and criminal groups.
Develop and maintain a threat knowledge base aligned with MITRE ATT&CK, capturing adversary profiles and campaign tracking.
Apply hunting techniques to specific risks within data centre operational technology (OT), building management systems, and AI platforms.
Produce periodic reports and briefings for the CISO and executive stakeholders, articulating risk in business terms.
Provide intelligence-led support to incident response, including adversary attribution and post-incident assessments.
Feed lessons learned back into detection engineering and security controls to raise the organisation’s threat readiness.
Qualifications & Skills
Recognised certification in threat intelligence or hunting (e.g., GCTI, GCFA, CREST CRTIA/CPTIA) is strongly preferred.
4–7 years’ experience in threat intelligence, hunting, or incident response within a SOC, MSSP, or large enterprise.
Experience within AI, cloud infrastructure, or regulated sectors like Defence, Healthcare, or Financial Services.
Substantial knowledge of MITRE ATT&CK, the Diamond Model of Intrusion Analysis, and the Cyber Kill Chain.
Proficiency with SIEM platforms, EDR tooling, and query languages such as KQL or SPL to execute hunts.
Demonstrable ability to operate independently, exercise sound judgement, and communicate findings to technical and executive audiences.
Understanding of OT-specific threats, including ICS ATT&CK and risks affecting data centre control systems.
Strong written and verbal skills to translate technical intelligence into actionable, commercially grounded guidance.
Degree in Computer Science, Cyber Security, Intelligence Studies, or equivalent demonstrable experience.
Why join us?
Opportunity to build threat hunting and intelligence capability from inception in a high-growth scale-up.
Protect the trusted foundations of national-level AI adoption across EMEA’s most regulated sectors.
Apply your expertise to cutting-edge sovereign AI platforms and hyperscale data centre infrastructure.
Work closely with a specialized team of detection engineers, incident responders, and executive leadership.
- Department: Technology - Security - Poland
- Role: Threat Analyst
- Locations: Wroclaw
- Remote status: Hybrid