Era4 develops, owns and operates AI infrastructure across the UK, powered by renewable energy. Converting legacy industrial and energy sites into modern data-centre facilities, Era4 is combining brownfield regeneration opportunities with cleaner, efficient, scalable compute capacity for healthcare, research, finance, enterprise, and public-sector organisations
Initial 3 month contract.
June start date.
Competitive day rate.
Role Summary:
The Identity & Platform Engineer is responsible for designing, implementing and operating the core platform services that provide:
- Kubernetes platform services
- Sovereign identity management
- Federation and authentication services
- Privileged access management
- Secrets management
- Customer identity integration
- Platform security and governance
The successful candidate will play a key role in delivering a Zero Trust, sovereign cloud platform built around: FreeIPA, Teleport, authentic, Bitwarden, Kubernetes.
Key Responsibilities:
Identity & Access Management Engineering:
- Design, implement and operate the sovereign identity platform supporting workforce, administrative and customer identity domains.
- Implement and maintain FreeIPA as the authoritative administrative identity platform.
- Deploy, configure and operate authentik for customer federation, SAML and OIDC integration.
- Implement and maintain Teleport as the privileged access management platform.
- Design and maintain RBAC models across Kubernetes, Rafay and supporting platform services.
- Integrate phishing-resistant MFA technologies including WebAuthn and FIDO2 security keys.
- Implement identity lifecycle management processes including onboarding, access reviews and deprovisioning.
- Support customer identity federation onboarding and integration activities.
- Contribute to the ongoing evolution of the platform's Zero Trust architecture
Security, Governance & Zero Trust:
- Implement Zero Trust security controls across platform services.
- Design and maintain Kubernetes RBAC and tenant isolation controls.
- Implement privileged access governance using Teleport.
- Maintain audit logging, compliance evidence collection and security monitoring capabilities.
- Support security reviews, threat modelling and risk assessments.
- Implement security hardening standards across Kubernetes, Linux and supporting infrastructure.
- Participate in security incident response and root cause analysis activities.
- Maintain compliance with security and governance requirements
Secrets & Certificate Management:
- Operate Bitwarden and Bitwarden Secrets Manager platforms.
- Manage operational credentials, API keys and automation secrets.
- Implement secure secret distribution patterns for platform and application workloads.
- Support certificate lifecycle management and PKI integration.
- Maintain operational processes for break-glass credential governance and recovery.
Required Experience & Skills:
- Hands-on experience operating production Kubernetes environments.
- Soild Linux systems administration and troubleshooting experience.
- Knowledge designing and operating Identity and Access Management (IAM) solutions
- Experience with LDAP, Kerberos, SAML and OpenID Connect (OIDC).
- Previous experience implementing authentication, federation and RBAC solutions.
- Skilled in operating infrastructure and platform security services.
- Experience with Infrastructure as Code and automation tooling.
- Knowledge implementing monitoring, logging and observability solutions.
- Soild understanding of Zero Trust security principles.
- Experience with GitOps practices and cloud-native operational models.
- Proven incident management and root cause analysis experience.
One or more would be an advantage
- Prior experience with FreeIPA or enterprise directory services.
- Experience with authentik, Keycloak or similar federation platforms.
- Knowledge with Teleport, CyberArk or other privileged access management technologies.
- Experience with Bitwarden, Vault or secrets management platforms.
- Knowledge operating GPU-enabled Kubernetes environments.
- Previously supported AI, HPC or large-scale compute platforms.
- Experience implementing PKI and certificate management solutions.
- Kubernetes multi-tenancy and platform security experience.
- Sovereign, regulated or highly secure environments exposure.
- Familiarity with SOC2, ISO27001, NCSC or equivalent security frameworks.
- Background in Platform Engineering, DevOps or Site Reliability Engineering
Why Join Era4:
You’ll be joining a mission-driven start-up building critical national infrastructure, where operational excellence directly enables growth. This role offers high visibility with leadership, real autonomy, and the chance to shape how a next-generation company operates at scale.
Diversity & Inclusion:
Era4 is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Skills Required
- Experience supporting HPE PCAI or other AI/HPC infrastructure and platforms
- System administration with RHEL, CentOS, Ubuntu and Linux kernel tuning
- Proficiency with Ansible
- Experience with NVIDIA and CUDA toolkits and drivers
- Experience implementing and administering Slurm or other HPC schedulers
- Kubernetes and container orchestration experience
- Advanced networking skills including InfiniBand and Ethernet topology optimisation
- Experience automating provisioning, configuration, monitoring, and operational workflows across multi-vendor HPC stacks
- Experience in system engineering, platform operations or SRE
- Experience with GPU resource allocation and management
- Familiarity with cloud-based platforms, APIs, and distributed systems
- Understanding of AI/ML concepts and tooling (model training, inference, data pipelines basics)
- Experience with monitoring/logging tools such as Grafana, Kibana, Splunk
- Security and access control skills (RBAC, security hardening, data protection)
- Excellent communication skills for customer and vendor interaction
What We Do
Carbon3.ai is building the UK’s sovereign AI platform – secure, sustainable, and designed for real-world impact. AI growth demands are creating new challenges and compute power requirements are outpacing supply. At Carbon3.ai, we’re not just providing infrastructure, we’re building the foundations to overcome these challenges. We are an energy business transforming into the UK’s sovereign choice for AI. Vertically integrated from soil to software transforming legacy industrial sites into renewable powered AI data hubs. Designed, owned, and operated by Carbon3.ai, all infrastructure and data processing are located within the UK and fully subject to UK jurisdiction and regulatory oversight. We generate our own off-grid renewable power, providing low-cost, sustainable energy comparable to Nordic levels, making AI workloads both affordable and sustainable. We own 50+ sites across the UK and are rapidly scaling them into AI data centres, enabling high-density, low-latency, sovereign AI deployment at national scale. Whether you're training models, deploying intelligent agents, or building industry-specific solutions, Carbon3.ai accelerates your journey from concept to production. Backed by strategic partnerships with leading brands and robust investment, we’re building the infrastructure to power the UK’s most ambitious AI innovation – ensuring British enterprises can access world-class AI capabilities securely and sustainably.
