Company Description

Sovereign AI is an AI infrastructure and solutions provider building the next generation of sovereign-grade AI data centres across EMEA. Designed for resilience, security, and scale, Sovereign AI enables commercial and government customers to deploy advanced AI with confidence in environments where performance, reliability, and compliance are non-negotiable. Focused on regulated and mission-critical sectors including Government, Defence, Healthcare, and Financial Services, Sovereign AI is creating the trusted foundations for AI adoption at scale, combining robust infrastructure with disciplined governance to support long-term innovation and national-level capability.

What you'll be doing

• Own the cloud security reference architecture and maintain it as the platform evolves.

• Lead threat modelling sessions (STRIDE / PASTA / MITRE ATT & CK) for new services, products, and major changes.

• Define and enforce security standards for IAM, network segmentation, data protection, and workload hardening across AWS, Azure, and GCP.

• Partner with Platform Engineering and SRE to embed security—including guardrails, policy-as-code, and supply-chain controls—into IaC pipelines.

• Own the enterprise PKI strategy, certificate lifecycle management, and key management using HSMs and cloud KMS.

• Drive the adoption of Zero Trust principles, focusing on identity-centric access, micro-segmentation, and continuous verification.

• Produce clear, business-readable risk assessments for the CISO and board, quantifying risk where possible.

• Evaluate and select security tooling such as CSPM, CNAPP, and SASE, while managing the vendor relationships.

• Mentor senior engineers and conduct architecture review board (ARB) sessions.

Qualifications & Skills

• Deep expertise in IAM, Networking, and Data Protection across AWS (Landing Zones, Control Tower), Azure (Entra ID, Defender), and GCP (SCC, Binary Authorization).

• Hands-on experience with tools like Wiz, Prisma Cloud, or Defender for Cloud, and policy-as-code (OPA/Rego).

• Proficiency in securing Terraform, Pulumi, or CDK pipelines using scanning tools like Checkov or tfsec.

• Expertise in hardening EKS, AKS, and GKE, including RBAC, admission controllers, and service mesh security (Istio).

• Strong understanding of ISO 27001, SOC 2, NIST CSF, and GDPR.

• Preferred credentials include AWS Certified Security – Specialty, Microsoft SC-100, Google Professional Cloud Security Engineer, CISSP, or CCSP.

• Ability to communicate complex risks to non-technical audiences and influence engineering teams without direct authority.

• 8+ years in security with at least 4 years focused specifically on cloud environments.

Why join us?

• Act as a senior technical lead owning critical security design decisions across a massive cloud estate.

• Translate business risk and regulatory requirements into concrete architecture patterns at the forefront of AI infrastructure.

• Define structure in an ambitious, fast-paced environment where your work supports national-level AI capability.

• Work cross-functionally with legal, compliance, and platform engineering teams in a non-siloed environment.