Loading...
Loading...
Nebius is seeking a Detection & Response Lead to establish and manage their D&R capabilities, including detection engineering, threat intelligence, and incident response for their AI cloud platform. This role involves leading a team, architecting detection strategies, integrating threat intelligence, and handling complex security incidents. The ideal candidate will have 6+ years of experience in security operations or incident response, with strong cloud-native environment expertise, SIEM platform proficiency, and experience with SOAR workflows. The position offers a unique opportunity to build security infrastructure at a rapidly growing global company.
About Nebius:
Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.
Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.
Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.
The Role
We're hiring a Detection & Response Lead to build and run our D&R capability from the ground up. You'll own the detection engineering, threat intelligence, and incident response functions across Nebius Cloud - and lead a small, growing team of analysts and engineers.
This is a lead engineering role responsible for detection development, handling the most complex security incidents, forensics, and shaping the D&R strategy.
What you’ll do
Lead detection development: achieve full MITRE coverage, maintain low false-positive and false-negative rates. Work closely with alerts consumers (20+ teams) to keep noise low and signal high, ensuring they can act quickly without missing genuine threats.
Architect and operate detection coverage across our cloud and bare-metal environments
Build and extend our internal D&R tools and pipelines - onboard new logs, build and automate response runbooks.
Integrate threat intelligence into detection logic and IR playbooks, tracking adversary TTPs relevant to Cloud infrastructure
Lead incident response end-to-end: scoping, containment, root cause analysis, post-incident reviews and controlling critical action items are closed to prevent future possible incidents.
Partner with Compliance and Engineering teams to detect real threats while meeting the needs of both engineers and regulators.
Define and report on D&R metrics: MTTD, MTTR, detection coverage, false positive rates, etc.
Build and maintain Security Incident Response program: people, processes, tools.
Build tools, runbooks, and on-call processes that scale as the company grows.
What we look for
6+ years in security operations, detection engineering, or incident response — with at least 1–2 years leading or mentoring a team.
Deep hands-on experience with cloud-native environments (Kubernetes, Linux workloads, container-based infrastructure).
Strong detection engineering skills: writing and tuning rules/detections in SIEM platforms (e.g., Chronicle, Splunk, Elastic) and SQL.
Experience building or operating SOAR workflows and automating response at scale (ideally with Golang and Temporal).
Working knowledge of threat intelligence frameworks (MITRE ATT&CK, Pyramid of Pain, Kill Chain) and how to operationalize them in detections.
Solid IR fundamentals: memory forensics, log analysis, network traffic analysis, and post-incident reporting.
Stakeholder management: able to coordinate across engineers, compliance, legal, executives during active incident phase. Serve as the primary owner and driver for complex changes, as a result of incidents post-mortem.
Nice to have:
Experience with AI/ML and GPU clusters related threats.
Familiarity with eBPF-based detection or runtime security tooling (Falco, Tetragon).
Background in threat hunting.
Why this role at Nebius
Build D&R at a company scaling from startup to global infrastructure provider in real time.
Ability to evolve our internal D&R platform into a new cloud security product, delivering novel security observability for a range of neocloud customers - from big tech to AI startups.
Work alongside world-class engineers on infrastructure that powers frontier AI.
Competitive compensation with equity upside in a Nasdaq-listed, high-growth company.
Flexible, remote-first culture.
Benefits & Perks:
What's it like to work at Nebius:
Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI
Equal Opportunity Statement:
Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.
Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.
If you need accommodations during the application process, please let us know.