Nebius

Detection & Response Manager

Role Overview

Nebius is seeking a Detection & Response Manager to lead and mature our security operations and adversary defense capabilities.

This role owns SOC operations, incident response, red teaming, and security automation (SIEM & SOAR) across cloud, data center, and enterprise environments.

The ideal candidate combines operational excellence, threat-adversary thinking, and automation-first execution.

Key Responsibilities

Security Operations Center (SOC) Leadership

  • Own day-to-day SOC operations across cloud, data center, and corporate environments

  • Define detection strategy aligned to Nebius threat models and crown jewels

  • Ensure high-quality alerting, triage, escalation, and reporting

  • Continuously reduce false positives and alert fatigue

Incident Response & Crisis Management

  • Lead end-to-end incident response for high-severity security incidents

  • Own incident command during crises (technical, executive, and regulatory coordination)

  • Ensure post-incident reviews lead to real control improvements

  • Maintain and regularly test incident response playbooks

Red Team & Adversarial Testing

  • Manage red team and purple team activities (internal and external)

  • Translate real-world adversary TTPs into detection and response improvements

  • Ensure findings from red team exercises are remediated and verified

  • Partner with product, cloud, and physical security teams on attack simulations

SOC Automation (SIEM & SOAR)

  • Own SIEM and SOAR strategy, architecture, and roadmap

  • Drive automation of detection, enrichment, response, and reporting

  • Integrate identity, cloud, CI/CD, and physical security telemetry

  • Measure SOC effectiveness using MTTD, MTTR, and coverage metrics

Threat Intelligence & Continuous Improvement

  • Operationalize threat intelligence into detections and playbooks

  • Track emerging threats relevant to cloud, AI, and infrastructure providers

  • Continuously improve detection coverage against prioritized attack paths

What Success Looks Like (12 Months)

  • Measurable reduction in MTTD and MTTR for high-severity incidents

  • Majority of high-risk incidents detected internally, not externally

  • Red team findings consistently detected and contained

  • SOC automation meaningfully reduces manual effort

  • Clear, trusted security reporting to CISO and leadership

Required Qualifications

  • 7+ years in security operations, incident response, or threat detection

  • Proven experience leading a SOC or incident response function

  • Strong experience with SIEM and SOAR platforms

  • Deep understanding of:

    • Cloud security

    • Identity-based attacks and detection

    • Endpoint, network, and application telemetry

  • Experience running or managing red team / purple team activities

  • Calm, decisive leadership under pressure

Preferred Qualifications

  • Experience in cloud service providers, hyperscale, or infrastructure companies

  • Familiarity with GPU / HPC environments or large-scale data centers

  • Experience with DORA, SOC 2, ISO 27001 incident requirements

  • Background in threat hunting or offensive security

Key Skills & Attributes

  • Adversary-minded: thinks like an attacker, not a tool operator

  • Automation-first mindset

  • Strong communicator during crises

  • Data-driven decision making

  • High ownership, low ego

Why Nebius

  • Defend one of the most advanced AI and GPU cloud platforms

  • Influence security architecture at scale

  • Operate at the intersection of cloud, physical infrastructure, and regulation

  • Build a modern, high-impact detection & response function