Security Engineer - Poland
Protect cloud AI infra! Build detection-as-code, lead technical IR, and harden K8s/DevSecOps across AWS/Azure/GCP. 4+ years exp in SecOps/automation needed to secure sovereign data.
Company Description
Sovereign AI is an AI infrastructure and solutions provider building the next generation of sovereign-grade AI data centres across EMEA. Designed for resilience, security, and scale, Sovereign AI enables commercial and government customers to deploy advanced AI with confidence in environments where performance, reliability, and compliance are non-negotiable. Focused on regulated and mission-critical sectors including Government, Defence, Healthcare, and Financial Services, Sovereign AI is creating the trusted foundations for AI adoption at scale, combining robust infrastructure with disciplined governance to support long-term innovation and national-level capability.
What you'll be doing
Build and operate critical cloud security controls, including CSPM, SIEM, SOAR, and runtime protection systems.
Write and maintain detection-as-code using SIGMA rules, SIEM queries, and custom detectors in Python or Go.
Lead technical incident response for cloud-based threats, managing the full lifecycle from triage through to post-incident review.
Secure cloud compute, storage, and container environments in alignment with CIS Benchmarks and organisational standards.
Embed security into CI/CD pipelines through secrets scanning, SAST/DAST, and SBOM generation.
Oversee the full vulnerability lifecycle, prioritising remediation based on CVSS and exploitability context.
Onboard log sources and build automated playbooks to reduce alert fatigue and improve response times.
Proactively hunt for adversaries using the MITRE ATT&CK for Cloud framework.
Support automated control testing and evidence collection using cloud-native tools like AWS Config or Azure Policy.
Qualifications & Skills
Expert in day-to-day CSPM operations (Wiz, Defender, Security Hub) and remediating cloud misconfigurations.
Hands-on experience building detections in platforms like Microsoft Sentinel, Splunk, or Chronicle.
Proficiency in Python, Bash, or PowerShell to build security integrations and automated remediation bots.
Ability to perform forensics in ephemeral environments, including disk snapshots and activity log analysis.
Strong knowledge of K8s operational security, including runtime protection (Falco) and image scanning (Snyk, Trivy).
Experience with GitHub Actions/GitLab CI security, including secrets scanning and SCA tools.
4+ years in security with at least 3+ years specifically in cloud engineering roles.
A pragmatic engineer who can communicate clearly during incidents and collaborate effectively with DevOps teams.
Why join us?
Direct ownership over the technical "how" of security, moving beyond theory into high-impact implementation.
Work at the unique intersection of SecOps, DevSecOps, and proactive threat hunting.
Master and tune a sophisticated security suite across AWS, Azure, and GCP environments.
Help secure the trusted foundations for national-level AI adoption in a fast-moving, ambitious environment.
- Department: Technology - Security - Poland
- Role: Security Engineer
- Locations: Wroclaw
- Remote status: Hybrid