Recruiter: Daniel McCarthy
Career Grade: D
Internal Closing Date: 16/2/25
Why this job matters
We are seeking an AWS Cloud & AI Security Engineer to design, implement, and operate security controls across AWS cloud platforms, AI/ML workloads, and Generative AI (GenAI) services. The role has a strong focus on threat detection and response, with particular emphasis on Amazon GuardDuty, Inspector and its integration into enterprise scale security operations.
You will work closely with platform, MLOps, data science, and security teams to embed security by design, automate detection and response, and ensure AI systems are protected against evolving cloud and AI specific threats.
What you’ll be doing
* Secure AI/ML platforms using AWS SageMaker and Amazon Bedrock, covering notebooks, pipelines, endpoints, and inference workflows
* Implement security controls for :
1. Training and inference data isolation
2. Protection of model artefacts and container images
3. Secure GenAI endpoints and RAG data sources
* Monitor and respond to GuardDuty and Cloudtrail findings related to:
1. IAM credential compromise and anomalous API behaviour
2. EC2, EKS, and container runtime threats
3. S3 data access anomalies
4. Network reconnaissance and crypto mining activity
* Integrate GuardDuty with Security Hub, CloudWatch, and SIEM platforms.
* Tune findings, suppress false positives and align alerts with operational priorities.
* Develop automated response playbooks using Lambda and Step Functions.
* Lead incident response activities, containment, and root cause analysis
* Contribute to threat modelling exercises for cloud, ML, and GenAI architecture.
* Feed lessons learned back into detection rules and preventative controls.
* Support compliance with internal security baselines and external regulatory requirements.
* Define and enforce controls governing how context, prompts, tools, plugins, and external data sources are exposed to AI models.
* Work with MLOps and platform teams to ensure MCP implementations follow least privilege and data minimisation principles.
* Awareness of emerging Gen AI attack vectors such as context/prompt injection, data leakage.
* Integrate AWS WAF with API Gateway to protect against common web and API specific attack patterns.
* Support alerting and investigation of suspicious API behaviour, including excessive token usage, abnormal request rates, or unauthorised endpoint access.
Experience Required
* Deep expertise in IAM, VPC security, encryption, and network segmentation.
* Proven hands on experience with Amazon GuardDuty in production environments.
* Ability to tune and optimise GuardDuty to reduce noise and improve detection accuracy.
* Familiarity with SageMaker security constructs and Bedrock access controls.
* Familiarity with EKS runtime security and container threat detection.
* Degree in Computer Science/Engineering (or equivalent practical experience leading production cloud/ML platforms).
* AWS certifications strongly preferred – AWS Security Speciality.
* Strong understanding of API authentication, authorisation, throttling, and abuse prevention.
* Familiarity with GenAI interaction standards, orchestration layers, or AI gateways.
* Hands-on delivery experience with Amazon Bedrock to run agentic apps safely in production and build observability around them.
The skills you’ll need
Compliance Monitoring and Controls Testing
Information Security Strategy
Stakeholder Management
Security Assessment
Solution Design
Data Analysis
Vulnerability Management
Information Security
Agile Methodologies
DevSecOps
Customer Relationship Management
Cyber Resilience
Requirements Management
Security Evaluation and Functionality Testing
Decision Making
Growth Mindset
Inclusive Leadership
Incident Management
Zero Trust Architecture
Access Control
AI in Security
Security of AI
Our leadership standards
Looking in:
Leading inclusively and Safely
I inspire and build trust through self-awareness, honesty and integrity.
Owning outcomes
I take the right decisions that benefit the broader organisation.
Looking out:
Delivering for the customer
I execute brilliantly on clear priorities that add value to our customers and the wider business.
Commercially savvy
I demonstrate strong commercial focus, bringing an external perspective to decision-making.
Looking to the future:
Growth mindset
I experiment and identify opportunities for growth for both myself and the organisation.
Building for the future
I build diverse future-ready teams where all individuals can be at their best.
About us
BT Group was the world’s first telco and our heritage in the sector is unrivalled. As home to several of the UK’s most recognised and cherished brands – BT, EE, Openreach and Plusnet, we have always played a critical role in creating the future, and we have reached an inflection point in the transformation of our business.
Over the next two years, we will complete the UK’s largest and most successful digital infrastructure project – connecting more than 25 million premises to full fibre broadband. Together with our heavy investment in 5G, we play a central role in revolutionising how people connect with each other.
While we are through the most capital-intensive phase of our fibre investment, meaning we can reward our shareholders for their commitment and patience, we are absolutely focused on how we organise ourselves in the best way to serve our customers in the years to come. This includes radical simplification of systems, structures, and processes on a huge scale. Together with our application of AI and technology, we are on a path to creating the UK’s best telco, reimagining the customer experience and relationship with one of this country’s biggest infrastructure companies.
Change on the scale we will all experience in the coming years is unprecedented. BT Group is committed to being the driving force behind improving connectivity for millions and there has never been a more exciting time to join a company and leadership team with the skills, experience, creativity, and passion to take this company into a new era.
A FEW POINTS TO NOTE:
Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.
We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.
DON'T MEET EVERY SINGLE REQUIREMENT?
Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.