Staff Threat Detection
6 days ago
About the AI Security Institute
The AI Security Institute is the world's largest and best-funded team dedicated to understanding advanced AI risks and translating that knowledge into action. We're in the heart of the UK government with direct lines to No. 10 (the Prime Minister's office), and we work with frontier developers and governments globally.

We're here because governments are critical for advanced AI going well, and UK AISI is uniquely positioned to mobilise them. With our resources, unique agility and international influence, this is the best place to shape both AI development and government action.

About the Team:
Security Engineering at the AI Security Institute (AISI) exists to help our researchers move fast, safely. We are founding the Security Engineering team in a largely greenfield cloud environment, and we treat security as a measurable, researcher-centric product: secure-by-design platforms, automated governance and intelligence-led detection that protects our people, partners, models and data.
We work shoulder to shoulder with research units and core technology teams, and we optimise for enablement over gatekeeping, proportionate controls, low ego and high ownership.

What you might work on:
- Help design and ship paved roads and secure defaults across our platform so researchers can build quickly and safely
- Build provenance and integrity into the software supply chain (signing, attestation, artefact verification, reproducibility)
- Support strengthened identity, segmentation, secrets and key management to create a defensible foundation for evaluations at scale
- Develop automated, evidence-driven assurance mapped to relevant standards, reducing audit toil and improving signal
- Create detections and response playbooks tailored to model evaluations and research workflows, and run exercises to validate them
- Threat model new evaluation pipelines with research and core technology teams, fixing classes of issues at the platform layer
- Assess third-party services and hardware/software supply chains; introduce lightweight controls that raise the bar
- Contribute to open standards and open source, and share lessons with the broader community where appropriate

If you want to build security that accelerates frontier-scale AI safety research and see your work land in production quickly, this is a good place to do it.

Role Summary
Build and maintain a modern, mission-aware detection engineering practice. You'll own AISI's threat model, define detections that reflect AISI-specific risks and collaborate with DSIT's SOC to extend coverage and context. You'll focus on signal quality, not alert volume.
You will extend coverage to AI/ML surfaces, instrumenting the model lifecycle and AI platforms so threats to model weights, data pipelines, GPU estates and inference endpoints are visible, correlated and actionable.

Responsibilities
- Define and evolve AISI's threat model, working with platform, research and policy teams
- Write detection rules, correlation logic and hunt queries tailored to AISI's risk surface
- Ensure relevant signals are logged, routed and contextualised appropriately
- Maintain detection playbooks, triage documentation and escalation workflows
- Act as a liaison between AISI engineering and DSIT's central SOC
- Evaluate detection gaps and propose new signal sources or telemetry improvements
- Extend the threat model to AI/ML: data/feature pipelines, training/finetuning, evaluations/release gates, registries, GPUs and inference services
- Develop detections for AI-specific risks: model weight custody/exfil (e.g. anomalous KMS decrypts, S3 access), registry tampering, dataset poisoning, training pipeline/image compromise, GPU abuse/cryptomining and inference abuse (prompt injection/data exfil patterns, anomalous RAG connector access)
- Integrate AI platform telemetry (e.g. SageMaker/Bedrock logs, model registry events, provenance/attestation)
- Define hunts and correlations that tie AI safety/evaluation signals (red-team hits, eval regressions, release gate overrides) to security events and insider/outsider activity
- Author and rehearse AI-focused incident playbooks (weights leak, compromised model artefacts, inference abuse campaigns) with DSIT SOC

Profile requirements:
- Strong understanding of detection-as-code, MITRE ATT&CK, log pipelines and cloud signal sources
- Able to navigate outsourced SOC relationships while owning internal threat understanding
- Familiarity with AWS CloudTrail, GuardDuty, KMS, S3 access logs, EKS/ECS audit, custom log ingestion; exposure to SageMaker/Bedrock or equivalent a plus
- Curious, methodical and proactive mindset
- Practical grasp of AI/ML attack surfaces and telemetry needs (model registries, weights custody, GPU/accelerator fleets, inference gateways, vector stores)
- Familiarity with AI threat frameworks (e.g. MITRE ATLAS, OWASP Top 10 for LLMs) desirable

Key Competencies:
- Detection engineering mindset focused on signal quality and measurable coverage
- Familiarity with MITRE ATT&CK and detection pipelines
- Understanding of cloud-native telemetry and logging gaps
- Ability to collaborate with outsourced SOCs
- Instrumenting and detecting threats across AI/ML workloads (weights, datasets, training/inference) and correlating safety and security signals

Salary & Benefits
We are hiring individuals at all ranges of seniority and experience within this research unit, and this advert allows you to apply for any of the roles within this range. Your dedicated talent partner will work with you as you move through our assessment process to explain our internal benchmarking process.
The full range of salaries is available below. Salaries comprise a base salary, technical allowance, plus additional benefits as detailed on this page.

- Level 3 - Total Package £65,000 - £75,000 inclusive of a base salary £35,720 plus additional technical talent allowance of between £29,280 - £39,280
- Level 4 - Total Package £85,000 - £95,000 inclusive of a base salary £42,495 plus additional technical talent allowance of between £42,505 - £52,505
- Level 5 - Total Package £105,000 - £115,000 inclusive of a base salary £55,805 plus additional technical talent allowance of between £49,195 - £59,195
- Level 6 - Total Package £125,000 - £135,000 inclusive of a base salary £68,770 plus additional technical talent allowance of between £56,230 - £66,230
- Level 7 - Total Package £145,000 inclusive of a base salary £68,770 plus additional technical talent allowance of £76,230

This role sits outside of the DDaT pay framework given the scope of this role requires in-depth technical expertise in frontier AI safety, robustness and advanced AI architectures.

Government Digital and Data Profession Capability Framework

There are a range of pension options available, which can be found through the Civil Service website.

Additional Information

Internal Fraud Database
The Internal Fraud function of the Fraud, Error, Debt and Grants Function at the Cabinet Office processes details of civil servants who have been dismissed for committing internal fraud, or who would have been dismissed had they not resigned. The Cabinet Office receives the details from participating government organisations of civil servants who have been dismissed, or who would have been dismissed had they not resigned, for internal fraud. In instances such as this, civil servants are then banned for 5 years from further employment in the civil service. The Cabinet Office then processes this data and discloses a limited dataset back to DLUHC as a participating government organisation. DLUHC then carry out the pre-employment checks so as to detect instances where known fraudsters are attempting to reapply for roles in the civil service. In this way, the policy is ensured and the repetition of internal fraud is prevented. For more information please see - Internal Fraud Register.

Security
Successful candidates must undergo a criminal record check and get baseline personnel security standard (BPSS) clearance before they can be appointed. Additionally, there is a strong preference for eligibility for counter-terrorist check (CTC) clearance. Some roles may require higher levels of clearance, and we will state this by exception in the job advertisement. See our vetting charter here.

Nationality requirements
We may be able to offer roles to applicants from any nationality or background. As such, we encourage you to apply even if you do not meet the standard nationality requirements.

Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found.
To learn more, please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Required Experience: Staff IC
Key Skills: Computer Science, Docker, Kubernetes, Python, VMware, C/C++, Go, System Architecture, gRPC, OS Kernels, Perl, Distributed Systems
Employment Type: Full-Time
Experience: years
Vacancy: 1
Monthly Salary: 56230 - 66230
-
Staff Threat Detection
2 weeks ago
London, Greater London, United Kingdom. AI Security Institute. Full time. £65,000 - £145,000 per year.
About The AI Security Institute: The AI Security Institute is the world's largest and best-funded team dedicated to understanding advanced AI risks and translating that knowledge into action. We're in the heart of the UK government with direct lines to No. 10 (the Prime Minister's office), and we work with frontier developers and governments globally. We're...