Detection & Response Manager

Why work at Nebius Nebius is leading a new era in cloud computing to serve the global AI economy. We create the tools and resources our customers need to solve real-world challenges and transform industries, without massive infrastructure costs or the need to build large in-house AI/ML teams. Our employees work at the cutting edge of AI cloud infrastructure alongside some of the most experienced and innovative leaders and engineers in the field. Where we work Headquartered in Amsterdam and listed on Nasdaq, Nebius has a global footprint with RD hubs across Europe, North America, and Israel. The team of over 800 employees includes more than 400 highly skilled engineers with deep expertise across hardware and software engineering, as well as an in-house AI RD team. Role Overview Nebius is seeking a Detection Response Manager to lead and mature our security operations and adversary defense capabilities. This role owns SOC operations, incident response, red teaming, and security automation (SIEM SOAR) across cloud, data center, and enterprise environments. The ideal candidate combines operational excellence, threat-adversary thinking, and automation-first execution. Key Responsibilities Security Operations Center (SOC) Leadership Own day-to-day SOC operations across cloud, data center, and corporate environments Define detection strategy aligned to Nebius threat models and crown jewels Ensure high-quality alerting, triage, escalation, and reporting Continuously reduce false positives and alert fatigue Incident Response Crisis Management Lead end-to-end incident response for high-severity security incidents Own incident command during crises (technical, executive, and regulatory coordination) Ensure post-incident reviews lead to real control improvements Maintain and regularly test incident response playbooks Red Team Adversarial Testing Manage red team and purple team activities (internal and external) Translate real-world adversary TTPs into detection and response improvements Ensure findings from red team exercises are remediated and verified Partner with product, cloud, and physical security teams on attack simulations SOC Automation (SIEM SOAR) Own SIEM and SOAR strategy, architecture, and roadmap Drive automation of detection, enrichment, response, and reporting Integrate identity, cloud, CI/CD, and physical security telemetry Measure SOC effectiveness using MTTD, MTTR, and coverage metrics Threat Intelligence Continuous Improvement Operationalize threat intelligence into detections and playbooks Track emerging threats relevant to cloud, AI, and infrastructure providers Continuously improve detection coverage against prioritized attack paths What Success Looks Like (12 Months) Measurable reduction in MTTD and MTTR for high-severity incidents Majority of high-risk incidents detected internally, not externally Red team findings consistently detected and contained SOC automation meaningfully reduces manual effort Clear, trusted security reporting to CISO and leadership Required Qualifications 7+ years in security operations, incident response, or threat detection Proven experience leading a SOC or incident response function Strong experience with SIEM and SOAR platforms Deep understanding of: Cloud security Identity-based attacks and detection Endpoint, network, and application telemetry Experience running or managing red team / purple team activities Calm, decisive leadership under pressure Preferred Qualifications Experience in cloud service providers, hyperscale, or infrastructure companies Familiarity with GPU / HPC environments or large-scale data centers Experience with DORA, SOC 2, ISO 27001 incident requirements Background in threat hunting or offensive security Key Skills Attributes Adversary-minded: thinks like an attacker, not a tool operator Automation-first mindset Strong communicator during crises Data-driven decision making High ownership, low ego Why Neb ... (truncated, view full listing at source)