Detection & Response Manager

Описание вакансии

Why work at NebiusNebius is leading a new era in cloud computing to serve the global AI economy. We create the tools and resources our customers need to solve real-world challenges and transform industries, without massive infrastructure costs or the need to build large in-house AI/ML teams. Our employees work at the cutting edge of AI cloud infrastructure alongside some of the most experienced and innovative leaders and engineers in the field.

Where we workHeadquartered in Amsterdam and listed on Nasdaq, Nebius has a global footprint with R&D hubs across Europe, North America, and Israel. The team of over 1400 employees includes more than 400 highly skilled engineers with deep expertise across hardware and software engineering, as well as an in-house AI R&D team.

Role Overview

Nebius is seeking a Detection & Response Manager to lead and mature our security operations and adversary defense capabilities.

This role owns SOC operations, incident response, red teaming, and security automation (SIEM & SOAR) across cloud, data center, and enterprise environments.

The ideal candidate combines operational excellence, threat-adversary thinking, and automation-first execution.

Key Responsibilities

Security Operations Center (SOC) Leadership

• Own day-to-day SOC operations across cloud, data center, and corporate environments
• Define detection strategy aligned to Nebius threat models and crown jewels
• Ensure high-quality alerting, triage, escalation, and reporting
• Continuously reduce false positives and alert fatigue

Incident Response & Crisis Management

• Lead end-to-end incident response for high-severity security incidents
• Own incident command during crises (technical, executive, and regulatory coordination)
• Ensure post-incident reviews lead to real control improvements
• Maintain and regularly test incident response playbooks

Red Team & Adversarial Testing

• Manage red team and purple team activities (internal and external)
• Translate real-world adversary TTPs into detection and response improvements
• Ensure findings from red team exercises are remediated and verified
• Partner with product, cloud, and physical security teams on attack simulations

SOC Automation (SIEM & SOAR)

• Own SIEM and SOAR strategy, architecture, and roadmap
• Drive automation of detection, enrichment, response, and reporting
• Integrate identity, cloud, CI/CD, and physical security telemetry
• Measure SOC effectiveness using MTTD, MTTR, and coverage metrics

Threat Intelligence & Continuous Improvement

• Operationalize threat intelligence into detections and playbooks
• Track emerging threats relevant to cloud, AI, and infrastructure providers
• Continuously improve detection coverage against prioritized attack paths

What Success Looks Like (12 Months)

• Measurable reduction in MTTD and MTTR for high-severity incidents
• Majority of high-risk incidents detected internally, not externally
• Red team findings consistently detected and contained
• SOC automation meaningfully reduces manual effort
• Clear, trusted security reporting to CISO and leadership

Required Qualifications

• 7+ years in security operations, incident response, or threat detection
• Proven experience leading a SOC or incident response function
• Strong experience with SIEM and SOAR platforms
• Deep understanding of:

• Cloud security
• Identity-based attacks and detection
• Endpoint, network, and application telemetry

• Experience running or managing red team / purple team activities
• Calm, decisive leadership under pressure

Preferred Qualifications

• Experience in cloud service providers, hyperscale, or infrastructure companies
• Familiarity with GPU / HPC environments or large-scale data centers
• Experience with DORA, SOC 2, ISO 27001 incident requirements
• Background in threat hunting or offensive security

Key Skills & Attributes

• Adversary-minded: thinks like an attacker, not a tool operator
• Automation-first mindset
• Strong communicator during crises
• Data-driven decision making
• High ownership, low ego

Why Nebius

• Defend one of the most advanced AI and GPU cloud platforms
• Influence security architecture at scale
• Operate at the intersection of cloud, physical infrastructure, and regulation
• Build a modern, high-impact detection & response function

What we offer

• Competitive salary and comprehensive benefits package.
• Opportunities for professional growth within Nebius.
• Flexible working arrangements.
• A dynamic and collaborative work environment that values initiative and innovation.

We’re growing and expanding our products every day. If you’re up to the challenge and are excited about AI and ML as much as we are, join us!