Nebius

Detection & Response Manager at Nebius

Tel Aviv, Israel | Full-time | Corporate and Cyber Security | Posted 15 days ago

About the Role

<div class="content-intro"><p><strong>About Nebius:</strong></p> <p>Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.</p> <p>Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.</p> <p>Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&amp;D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&amp;D.</p></div><h2 class="ms-outlook-mobile-reference-message skipProofing">Role Overview</h2> <p class="p2">Nebius is seeking a&nbsp;Detection &amp; Response Manager&nbsp;to lead and mature our security operations and adversary defense capabilities.</p> <p class="p2">This role owns SOC operations, incident response, red teaming, and security automation (SIEM &amp; SOAR)&nbsp;across cloud, data center, and enterprise environments.</p> <p class="p2">The ideal candidate combines operational excellence, threat-adversary thinking, and automation-first execution.</p> <h2 class="ms-outlook-mobile-reference-message skipProofing">Key Responsibilities</h2> <p class="p2">Security Operations Center (SOC) Leadership</p> <ul> <li> <p class="p1">Own day-to-day SOC operations across cloud, data center, and corporate environments</p> </li> <li> <p class="p1">Define detection strategy aligned to Nebius threat models and crown jewels</p> </li> <li> <p class="p1">Ensure high-quality alerting, triage, escalation, and reporting</p> </li> <li> <p class="p1">Continuously reduce false positives and alert fatigue</p> </li> </ul> <hr> <h3 class="ms-outlook-mobile-reference-message 
skipProofing">Incident Response &amp; Crisis Management</h3> <ul> <li> <p class="p1">Lead end-to-end incident response for high-severity security incidents</p> </li> <li> <p class="p1">Own incident command during crises (technical, executive, and regulatory coordination)</p> </li> <li> <p class="p1">Ensure post-incident reviews lead to real control improvements</p> </li> <li> <p class="p1">Maintain and regularly test incident response playbooks</p> </li> </ul> <hr> <h3 class="ms-outlook-mobile-reference-message skipProofing">Red Team &amp; Adversarial Testing</h3> <ul> <li> <p class="p1">Manage red team and purple team activities (internal and external)</p> </li> <li> <p class="p1">Translate real-world adversary TTPs into detection and response improvements</p> </li> <li> <p class="p1">Ensure findings from red team exercises are remediated and verified</p> </li> <li> <p class="p1">Partner with product, cloud, and physical security teams on attack simulations</p> </li> </ul> <hr> <h3 class="ms-outlook-mobile-reference-message skipProofing">SOC Automation (SIEM &amp; SOAR)</h3> <ul> <li> <p class="p1">Own SIEM and SOAR strategy, architecture, and roadmap</p> </li> <li> <p class="p1">Drive automation of detection, enrichment, response, and reporting</p> </li> <li> <p class="p1">Integrate identity, cloud, CI/CD, and physical security telemetry</p> </li> <li> <p class="p1">Measure SOC effectiveness using MTTD, MTTR, and coverage metrics</p> </li> </ul> <hr> <h3 class="ms-outlook-mobile-reference-message skipProofing">Threat Intelligence &amp; Continuous Improvement</h3> <ul> <li> <p class="p1">Operationalize threat intelligence into detections and playbooks</p> </li> <li> <p class="p1">Track emerging threats relevant to cloud, AI, and infrastructure providers</p> </li> <li> <p class="p1">Continuously improve detection coverage against prioritized attack paths</p> </li> </ul> <hr> <h2 class="ms-outlook-mobile-reference-message skipProofing">What Success Looks Like 
(12&nbsp;Months)</h2> <ul> <li> <p class="p1">Measurable reduction in MTTD and MTTR&nbsp;for high-severity incidents</p> </li> <li> <p class="p1">Majority of high-risk incidents detected internally, not externally</p> </li> <li> <p class="p1">Red team findings consistently detected and contained</p> </li> <li> <p class="p1">SOC automation meaningfully reduces manual effort</p> </li> <li> <p class="p1">Clear, trusted security reporting to CISO and leadership</p> </li> </ul> <hr> <h2 class="ms-outlook-mobile-reference-message skipProofing">Required Qualifications</h2> <ul> <li> <p class="p1">7+ years in security operations, incident response, or threat detection</p> </li> <li> <p class="p1">Proven experience leading a SOC or incident response function</p> </li> <li> <p class="p1">Strong experience with SIEM and SOAR platforms</p> </li> <li> <p class="p1">Deep understanding of:</p> </li> <ul> <li> <p class="p1">Cloud security&nbsp;</p> </li> <li> <p class="p1">Identity-based attacks and detection</p> </li> <li> <p class="p1">Endpoint, network, and application telemetry</p> </li> </ul> <li> <p class="p1">Experience running or managing red team / purple team&nbsp;activities</p> </li> <li> <p class="p1">Calm, decisive leadership under pressure</p> </li> </ul> <hr> <h2 class="ms-outlook-mobile-reference-message skipProofing">Preferred Qualifications</h2> <ul> <li> <p class="p1">Experience in cloud service providers, hyperscale, or infrastructure companies</p> </li> <li> <p class="p1">Familiarity with GPU / HPC environments or large-scale data centers</p> </li> <li> <p class="p1">Experience with DORA, SOC 2, ISO 27001 incident requirements</p> </li> <li> <p class="p1">Background in threat hunting or offensive security</p> </li> </ul> <hr> <h2 class="ms-outlook-mobile-reference-message skipProofing">Key Skills &amp; Attributes</h2> <ul> <li> <p class="p1">Adversary-minded: thinks like an attacker, not a tool operator</p> </li> <li> <p class="p1">Automation-first mindset</p> 
</li> <li> <p class="p1">Strong communicator during crises</p> </li> <li> <p class="p1">Data-driven decision making</p> </li> <li> <p class="p1">High ownership, low ego</p> </li> </ul> <hr> <h2 class="ms-outlook-mobile-reference-message skipProofing">Why Nebius</h2> <ul> <li> <p class="p1">Defend one of the most advanced AI and GPU cloud platforms</p> </li> <li> <p class="p1">Influence security architecture at scale</p> </li> <li> <p class="p1">Operate at the intersection of cloud, physical infrastructure, and regulation</p> </li> <li> <p class="p1">Build a modern, high-impact detection &amp; response function</p> </li> </ul> <p>&nbsp;</p><div class="content-conclusion"><p><strong>Benefits &amp; Perks:</strong></p> <ul> <li>Competitive compensation</li> <li>Career growth and learning opportunities</li> <li>Flexibility and work-life balance</li> <li>Collaborative and innovative culture</li> <li>Opportunity to work on impactful AI projects</li> <li>International environment and talented teams</li> </ul> <p><strong>What's it like to work at Nebius:</strong></p> <p>Fast moving&nbsp;- Bold thinking&nbsp;- Constant growth&nbsp;- Meaningful impact&nbsp;- Trust and real ownership&nbsp;- Opportunity to shape the future of AI&nbsp;</p> <p><strong>Equal Opportunity Statement:</strong></p> <p>Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. 
We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.</p> <p>Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.&nbsp;</p> <p>If you need accommodations during the application process, please let us know.</p></div>