Company Description

Sovereign AI is an AI infrastructure and solutions provider building the next generation of sovereign-grade AI data centres across EMEA. Designed for resilience, security, and scale, Sovereign AI enables commercial and government customers to deploy advanced AI with confidence in environments where performance, reliability, and compliance are non-negotiable. Focused on regulated and mission-critical sectors including Government, Defence, Healthcare, and Financial Services, Sovereign AI is creating the trusted foundations for AI adoption at scale, combining robust infrastructure with disciplined governance to support long-term innovation and national-level capability.

What you'll be doing

• Focus on the hands-on implementation and maintenance of security architecture patterns within the cloud estate under the guidance of senior architects.

• Contribute to the cloud security reference architecture and support its evolution as the platform grows.

• Participate in threat modelling sessions using STRIDE, PASTA, and MITRE ATT&CK for new services and major changes.

• Implement and adhere to rigorous security standards for IAM, network segmentation, data protection, and workload hardening across AWS, Azure, and GCP.

• Assist Platform Engineering and SRE teams to embed security into IaC pipelines (Terraform, Pulumi, CDK) via guardrails and policy-as-code.

• Support the PKI strategy, including certificate lifecycle management and key management operations involving HSMs and cloud KMS.

• Implement key components of the Zero Trust architecture, such as identity-centric access and micro-segmentation.

• Contribute technical data and support to help produce business-readable risk assessments for leadership.

• Assist in the evaluation of security tooling, including CSPM, CNAPP, SSPM, and SASE solutions.

• Participate in Architecture Review Board (ARB) sessions to ensure security alignment.

Qualifications & Skills

• Strong working knowledge of AWS IAM, Azure Entra ID, and GCP IAM, including workload identity and OIDC/SAML flows.

• Hands-on experience with VPC/VNET design, security groups, NACLs, WAF, and DDoS protection.

• Proven experience implementing encryption at rest/transit, secrets management (Vault, AWS Secrets Manager), and cloud storage security controls.

• Experience with Terraform security scanning (Checkov, tfsec, KICS) to remediate misconfigurations at the pipeline stage.

• Ability to facilitate basic threat models using frameworks like STRIDE and ATT&CK for Cloud.

• Experience with CSPM tools (Wiz, Prisma Cloud), K8s security (RBAC, image scanning), and Serverless hardening (Lambda, Cloud Run).

• Working knowledge of major frameworks such as ISO 27001, SOC 2, and CIS Benchmarks.

• 4–6 years in security with at least 2+ years specifically focused on cloud environments.

• One major cloud security certification (e.g., AWS Security Specialty or Microsoft SC-100/AZ-500) and CCSP or equivalent.

Why join us?

• Directly implement the security patterns protecting sovereign-grade AI data centres.

• Work under the guidance of senior architects in a senior individual contributor or technical lead capacity.

• Gain deep, hands-on exposure to multi-cloud environments (AWS, Azure, GCP) and advanced AI infrastructure.

• Join a team where you can collaborate effectively with engineering, legal, and compliance peers to define tactical security structures.