Incident Response Lead at Nebius
Amsterdam, NetherlandsFull-timeCorporate and Cyber SecurityPosted 15 days ago
About the Role
<div class="content-intro"><p><strong>About Nebius:</strong></p>
<p>Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.</p>
<p>Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.</p>
<p>Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.</p></div><div class="elementToProof"> </div>
<div class="elementToProof"><strong>Role Overview</strong></div>
<div class="elementToProof"> </div>
<div class="elementToProof">Nebius is seeking an Incident Response Lead to own and mature the company’s global cyber incident response capability. This role sits within the CISO Office and is accountable for response execution, post-incident learning, and executive-level coordination across Nebius’ cloud, infrastructure, and platform environments.</div>
<div class="elementToProof"> </div>
<div class="elementToProof">The Incident Response Lead will act as the single accountable owner for high-severity security incidents, ensuring rapid containment, accurate impact assessment, regulatory-compliant communications, and continuous improvement of detection and response capabilities.</div>
<div class="elementToProof">This role requires deep technical expertise, strong crisis leadership, and the ability to operate under pressure in highly regulated, high-availability environments.</div>
<p><strong>Key Responsibilities</strong></p>
<div class="elementToProof"><span style="text-decoration: underline;">Incident Response Leadership</span></div>
<ul data-start="1418" data-end="1838">
<li>
<div class="elementToProof">Lead and coordinate of security incidents across Nebius’ cloud, infrastructure, and corporate environments.</div>
</li>
<li>
<div class="elementToProof">Act as Incident Commander during major incidents, driving containment, eradication, and recovery efforts.</div>
</li>
<li>
<div class="elementToProof">Support and maintain clear incident classification, escalation, and decision-making frameworks.</div>
</li>
<li>
<div class="elementToProof">Ensure 24/7 readiness through on-call structures, runbooks, and playbooks.</div>
</li>
</ul>
<div class="elementToProof"><span style="text-decoration: underline;">Detection, Triage, and Investigation</span></div>
<ul data-start="1885" data-end="2299">
<li>
<div class="elementToProof">Oversee advanced incident triage and forensic investigations across:</div>
</li>
<ul data-start="1958" data-end="2106">
<li>
<div class="elementToProof">Cloud platforms</div>
</li>
<li>
<div class="elementToProof">Network and perimeter security</div>
</li>
<li>
<div class="elementToProof">Identity and access systems</div>
</li>
<li>
<div class="elementToProof">Supply chain and third-party risks</div>
</li>
</ul>
<li>
<div class="elementToProof">Partner with SOC, Threat Intelligence, and Threat Hunting teams to improve detection fidelity and reduce MTTR.</div>
</li>
<li>
<div class="elementToProof">Ensure evidence handling meets legal, regulatory, and forensic standards.</div>
</li>
<li>
<div class="elementToProof">Lead regulatory-ready incident documentation, timelines, and root cause analysis (RCA).</div>
</li>
<li>
<div class="elementToProof">Support audits, regulatory inquiries, and executive reporting related to security incidents.</div>
</li>
</ul>
<div class="elementToProof"><span style="text-decoration: underline;">Executive & Cross-Functional Coordination</span></div>
<ul data-start="2830" data-end="3226">
<li>
<div class="elementToProof">Serve as the primary incident response interface to:</div>
</li>
<ul data-start="2887" data-end="3032">
<li>
<div class="elementToProof">CISO and executive leadership</div>
</li>
<li>
<div class="elementToProof">Legal, Privacy, Compliance, and Communications teams</div>
</li>
<li>
<div class="elementToProof">Infrastructure, Network, IT, Platform, and Engineering leadership</div>
</li>
</ul>
<li>
<div class="elementToProof">Deliver clear, factual, and risk-based incident briefings to senior leadership.</div>
</li>
<li>
<div class="elementToProof">Support customer and partner communications when security incidents impact trust or service availability.</div>
</li>
</ul>
<div class="elementToProof"><span style="text-decoration: underline;">Program Development & Continuous Improvement</span></div>
<ul data-start="3281" data-end="3634">
<li>
<div class="elementToProof">Support Nebius’ incident response program, including:</div>
</li>
<ul data-start="3353" data-end="3454">
<li>
<div class="elementToProof">Playbooks and runbooks</div>
</li>
<li>
<div class="elementToProof">Tabletop exercises and simulations</div>
</li>
<li>
<div class="elementToProof">Red/blue/purple team coordination</div>
</li>
</ul>
<li>
<div class="elementToProof">Drive lessons-learned processes and ensure findings result in measurable control improvements.</div>
</li>
<li>
<div class="elementToProof">Define and track incident response KPIs (MTTD, MTTR, containment effectiveness).</div>
</li>
</ul>
<div class="elementToProof"><strong>Required Qualifications:</strong></div>
<div class="elementToProof"> </div>
<div class="elementToProof">Experience</div>
<ul data-start="3692" data-end="4043">
<li>
<div class="elementToProof">8+ years in cybersecurity, with significant hands-on incident response leadership experience.</div>
</li>
<li>
<div class="elementToProof">Proven experience leading large-scale, high-impact security incidents in cloud or infrastructure-heavy environments.</div>
</li>
<li>
<div class="elementToProof">Experience operating in regulated or compliance-driven environments (SOC, ISO, financial services, cloud providers, etc.).</div>
</li>
</ul>
<div class="elementToProof">Technical Expertise</div>
<ul data-start="4073" data-end="4456">
<li>
<div class="elementToProof">Strong understanding of:</div>
</li>
<ul data-start="4102" data-end="4302">
<li>
<div class="elementToProof">Cloud security architectures</div>
</li>
<li>
<div class="elementToProof">Network security, IAM, endpoint security, and logging pipelines</div>
</li>
<li>
<div class="elementToProof">Threat actor tactics, techniques, and procedures (MITRE ATT&CK)</div>
</li>
</ul>
<li>
<div class="elementToProof">Practical experience with SIEM, SOAR, EDR, NDR, and forensic tooling.</div>
</li>
<li>
<div class="elementToProof">Ability to validate technical findings independently and challenge assumptions.</div>
</li>
</ul>
<div class="elementToProof">Leadership & Communication</div>
<ul data-start="4493" data-end="4766">
<li>
<div class="elementToProof">Demonstrated ability to lead under pressure and make high-quality decisions with incomplete data.</div>
</li>
<li>
<div class="elementToProof">Clear, concise communicator capable of briefing executives and non-technical stakeholders.</div>
</li>
<li>
<div class="elementToProof">Strong cross-functional leadership skills without relying on direct authority.</div>
</li>
</ul>
<p> </p>
<p> </p><div class="content-conclusion"><p><strong>Benefits & Perks:</strong></p>
<ul>
<li>Competitive compensation</li>
<li>Career growth and learning opportunities</li>
<li>Flexibility and work-life balance</li>
<li>Collaborative and innovative culture</li>
<li>Opportunity to work on impactful AI projects</li>
<li>International environment and talented teams</li>
</ul>
<p><strong>What's it like to work at Nebius:</strong></p>
<p>Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI </p>
<p><strong>Equal Opportunity Statement:</strong></p>
<p>Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.</p>
<p>Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire. </p>
<p>If you need accommodations during the application process, please let us know.</p></div>
Related Roles
Data Protection Lead
Nebius
Amsterdam, NetherlandsDetection & Response Manager
Nebius
Tel Aviv, IsraelSecurity Architect
Nebius
Amsterdam, NetherlandsSecurity Architect Manager (Corporate & Cloud Security)
Nebius
Tel Aviv, IsraelSIEM Engineers Lead
Nebius
Tel Aviv, IsraelSecurity Operations Center (SOC) Manager
Nebius
Tel Aviv, Israel