Principal Platform/ Product Security EngineerLondon, UKAbout the AI Security InstituteThe AI Security Institute is the world's largest and best-funded team dedicated to understanding advanced AI risks and translating that knowledge into action. We’re in the heart of the UK government with direct lines to No. 10 (the Prime Minister's office), and we work with frontier developers and governments globally.We’re here because governments are critical for advanced AI going well, and UK AISI is uniquely positioned to mobilise them. With our resources, unique agility and international influence, this is the best place to shape both AI development and government action.About the Team:Security Engineering at the AI Security Institute (AISI) exists to help our researchers move fast, safely. We are founding the Security Engineering team in a largely greenfield cloud environment, we treat security as a measurable, researcher centric product. Secure by design platforms, automated governance, and intelligence led detection that protects our people, partners, models, and data. We work shoulder to shoulder with research units and core technology teams, and we optimise for enablement over gatekeeping, proportionate controls, low ego, and high ownership.What you might work on:Help design and ship paved roads and secure defaults across our platform so researchers can build quickly and safelyBuild provenance and integrity into the software supply chain (signing, attestation, artefact verification, reproducibility)Support strengthened identity, segmentation, secrets, and key management to create a defensible foundation for evaluations at scaleDevelop automated, evidence driven assurance mapped to relevant standards, reducing audit toil and improving signalCreate detections and response playbooks tailored to model evaluations and research workflows, and run exercises to validate themThreat model new evaluation pipelines with research and core technology teams, fixing classes of issues at the platform layerAssess third party services and hardware/software supply chains; introduce lightweight controls that raise the barContribute to open standards and open source, and share lessons with the broader community where appropriateIf you want to build security that accelerates frontier scale AI safety research, and see your work land in production quickly, this is a good place to do itRole Summary:Act as AISI’s technical security lead for cloud and delivery infrastructure. You will enable secure-by-default platform patterns, provide reusable controls and guardrails, and partner with engineers to embed safe practices across the development lifecycle. You’ll build influence through enablement, not enforcement. You will extend these patterns to AI/ML workloads, including secure handling of high-capability model weights, GPU estates, data/feature pipelines, evaluation/release gates, and inference services.Responsibilities:Define and maintain secure-by-default IaC modules, bootstrap templates, and reference architecturesProvide consulting and coaching to platform and product teams to support secure deliveryBuild tooling for identity, secrets, environment isolation, and pipeline hardeningDevelop and maintain a baseline cloud control set (e.g. SCPs, logging, tagging)Track and improve cloud posture with automated feedback loopsLead or support post-incident reviews and design for resilienceAlign technical controls with DSIT central governance and shared responsibility boundariesProvide secure patterns for AI/ML training/finetuning and inference on AWS (e.g., EKS/ECS/SageMaker), including network isolation, egress controls, data locality, and private endpointsImplement custody controls for model weights and sensitive datasets (encryption with KMS/HSM, least-privilege access paths, just-in-time/break-glass, tamper-evident logging)Govern GPU/accelerator compute (quotas, tenancy/isolation, container image hardening, runtime policy, driver/AMI baselines)Secure the AI supply chain: signed model/dataset artefacts, provenance/attestation (e.g., Sigstore/SLSA), model registries, and promotion gates tied to evaluation evidenceEstablish paved paths for safe use of third-party model APIs (key management, egress allowlists, privacy-preserving logging, rate limiting, abuse and data exfil protection)Embed safety guardrails and patterns for RAG and prompting (context isolation/sanitisation, prompt injection mitigations, output/content policies, human-in-the-loop hooks)Deliver observability for AI surfaces (misuse/abuse telemetry, secrets/PII leak detection, anomalous output monitoring) integrated with incident responseProfile requirements:Deep AWS experience, especially with security, identity, networking, and org-level servicesStrong infra-as-code skills (Terraform, CDK, etc.) and CI/CD pipeline knowledgeExcellent technical judgment and stakeholder communicationExperience building influence in cross-functional environmentsPractical understanding of AI/ML platform surfaces and risks (e.g., model weight security, GPU isolation, eval/release gating, prompt injection/data exfil risks)Desirable: exposure ML registries (e.g., MLflow/SageMaker), vector stores, and integrating ML artefacts into CI/CDDeep cloud security knowledge (AWS)Ability to design reusable IaC componentsThreat modelling, secure defaults, and paved pathsCollaboration across platform teamsSecuring AI/ML workloads and artefactsAI-specific threat mitigation (model supply chain, prompt injection, misuse/abuse telemetry)What We OfferImpact you couldn't have anywhere elseIncredibly talented, mission-driven and supportive colleagues.Direct influence on how frontier AI is governed and deployed globally.Work with the Prime Minister’s AI Advisor and leading AI companies.Opportunity to shape the first & best-resourced public-interest research team focused on AI security.Resources & accessPre-release access to multiple frontier models and ample compute.Extensive operational support so you can focus on research and ship quickly.Work with experts across national security, policy, AI research and adjacent sciences.If you’re talented and driven, you’ll own important problems early.5 days off learning and development, annual stipends for learning and development and funding for conferences and external collaborations.Freedom to pursue research bets without product pressure.Opportunities to publish and collaborate externally.Life & familyModern central London office (cafes, food court, gym) or option to work in similar government offices in Birmingham, Cardiff, Darlington, Edinburgh, Salford or Bristol.Hybrid working, flexibility for occasional remote work abroad and stipends for work-from-home equipment.At least 25 days’ annual leave, 8 public holidays, extra team-wide breaks and 3 days off for volunteering.Generous paid parental leave (36 weeks of UK statutory leave shared between parents + 3 extra paid weeks + option for additional unpaid time).On top of your salary, we contribute 28.97% of your base salary to your pension.Discounts and benefits for cycling to work, donations and retail/gyms.Annual salary is benchmarked to role scope and relevant experience. Most offers land between £65,000 and £145,000 (base plus technical allowance), with 28.97% employer pension and other benefits on top.This role sits outside of the DDaT pay framework given the scope of this role requires in depth technical expertise in frontier AI safety, robustness and advanced AI architectures.The full range of salaries are as follows:Additional InformationInternal Fraud DatabaseThe Internal Fraud function of the Fraud, Error, Debt and Grants Function at the Cabinet Office processes details of civil servants who have been dismissed for committing internal fraud, or who would have been dismissed had they not resigned. The Cabinet Office receives the details from participating government organisations of civil servants who have been dismissed, or who would have been dismissed had they not resigned, for internal fraud. In instances such as this, civil servants are then banned for 5 years from further employment in the civil service. The Cabinet Office then processes this data and discloses a limited dataset back to DLUHC as a participating government organisations. DLUHC then carry out the pre employment checks so as to detect instances where known fraudsters are attempting to reapply for roles in the civil service. In this way, the policy is ensured and the repetition of internal fraud is prevented. For more information please see -Internal Fraud Register.TheCivil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window) .The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.Interested in building your career at AI Security Institute? Get future opportunities sent straight to your email.Accepted file types: pdf, doc, docx, txt, rtfWhy do you want to join the AI Security Institute? *Will you require a reasonable adjustment during the interview or assessment stages? * Select...If yes, please provide details of what reasonable adjustments might help you, or have helped you in the past, at the interview or assessment stagesLinkedIn ProfileWebsitePlease specify your nationality. *Do you have the legal right to work in the UK? * Select...If applicable, please indicate your current visa status and type.How did you hear about this role? Select...UK Diversity QuestionsIt's important to us that everyone at AISI feels an included part of the team, whoever they are and whatever their background. These questions will help us to identify the diversity of our applicants. Should you not wish to provide an answer, you will always have the option to not provide a response with a 'I don't wish to answer' option. Your answers will not impact your hiring outcomes whatsoever.If there are any questions you would like to further discuss or want clarity on, we'd be happy to talk to you about this if you reach out to active.campaigns@dsit.gov.ukWhat is your gender? * Select...What is your sexual orientation? * Select...What is your current age group? * Select...How would you describe your national identity? * Select...What is your ethnic group? * Select...What is your religion or belief? * Select...Would you describe yourself as having a Disability? * Select... #J-18808-Ljbffr