Principal Security Engineer in London

My client is an AI-first software company building foundational AI solutions for complex industries. As they scale, they are committed to becoming AI-native across every department, embedding automation, augmentation, and intelligence into the core of how they operate.

As Lead Security Engineer AI and Cloud, you will take end-to-end ownership of the security posture of the platform and associated infrastructure. This spans multi-model inference systems, real-time data ingestion, edge deployments, and hybrid cloud environments.

• Design and lead red team campaigns against model logic, inference systems, and edge deployments.
• Build secure-by-default infrastructure for model deployment and feedback loops.
• Collaborate with platform, ML, and infrastructure engineers to embed security throughout.
• Represent our security posture in client conversations and enterprise reviews.
• Stay current with emerging threats in adversarial ML, industrial systems, and LLM safety.

The overall vision as a leader of security engineering is to build a best in class Agentic security systems from SOC to AI pipelines with minimal human interaction. This is a hands-on engineering role with a strong offensive security focus. You will think like an attacker, build like a systems architect, and validate everything through adversarial testing. You will work across the AI stack, threat model novel attack surfaces, simulate adversaries, and embed controls that protect safety, trust, and uptime, all without slowing down.

This role is best suited for someone who:

• Has built or broken AI systems in the wild and knows where they fail.
• Has experience across red team tactics, cloud security, and AI/ML pipeline security.
• Enjoys threat modelling and then actually testing the threat.
• Is fluent in offensive techniques but just as comfortable writing detection logic, securing cloud deployments, and hardening systems.
• Knows how to navigate ambiguity and build security frameworks where none exist.
• Can think clearly about risk, consequence, and exposure not just vulnerabilities.
• Is motivated by impact, autonomy, and hard problems, not by headcount or prestige.

My client cares less about how long you’ve been doing this and more about how deep you go. This role is designed for someone who wants to own the full security lifecycle of an adversarial surface and prove it works. You will be responsible for finding and plugging the gaps in defences before someone exploits them.

• Threat Modelling and Continuous Exposure Management

• Build and maintain a real-time threat model across model, infrastructure, and data layers.
• Prioritise exposures by exploitability × physical consequence, not just CVSS.
• Operate a living CTEM (Continuous Threat Exposure Management) cycle.
• Report exposure posture to leadership with confidence and clarity.

• Simulate adversaries targeting:

• Foundation models (evasion, poisoning, trust boundary abuse).
• Edge deployments (signed binaries, inference manipulation).

• Work across AWS and Azure environments, securing build, deployment, and runtime.
• Implement verification for edge systems (secure boot, artifact integrity, telemetry hygiene).
• Operate close to code understand pipelines, dependencies, APIs, and risks at a system level.

• Create trust boundaries between AI output and operator action.
• Implement uncertainty scoring, fallback logic, and human-in-the-loop systems.
• Build instrumentation for drift detection, anomalous output, and unsafe recommendations.