Incident Response Lead

Why work at Nebius Nebius is leading a new era in cloud computing to serve the global AI economy. We create the tools and resources our customers need to solve real-world challenges and transform industries, without massive infrastructure costs or the need to build large in-house AI/ML teams. Our employees work at the cutting edge of AI cloud infrastructure alongside some of the most experienced and innovative leaders and engineers in the field. Where we work Headquartered in Amsterdam and listed on Nasdaq, Nebius has a global footprint with RD hubs across Europe, North America, and Israel. The team of over 800 employees includes more than 400 highly skilled engineers with deep expertise across hardware and software engineering, as well as an in-house AI RD team. Role Overview Nebius is seeking an Incident Response Lead to own and mature the company’s global cyber incident response capability. This role sits within the CISO Office and is accountable for response execution, post-incident learning, and executive-level coordination across Nebius’ cloud, infrastructure, and platform environments. The Incident Response Lead will act as the single accountable owner for high-severity security incidents, ensuring rapid containment, accurate impact assessment, regulatory-compliant communications, and continuous improvement of detection and response capabilities. This role requires deep technical expertise, strong crisis leadership, and the ability to operate under pressure in highly regulated, high-availability environments. Key Responsibilities Incident Response Leadership Lead and coordinate of security incidents across Nebius’ cloud, infrastructure, and corporate environments. Act as Incident Commander during major incidents, driving containment, eradication, and recovery efforts. Support and maintain clear incident classification, escalation, and decision-making frameworks. Ensure 24/7 readiness through on-call structures, runbooks, and playbooks. Detection, Triage, and Investigation Oversee advanced incident triage and forensic investigations across: Cloud platforms Network and perimeter security Identity and access systems Supply chain and third-party risks Partner with SOC, Threat Intelligence, and Threat Hunting teams to improve detection fidelity and reduce MTTR. Ensure evidence handling meets legal, regulatory, and forensic standards. Lead regulatory-ready incident documentation, timelines, and root cause analysis (RCA). Support audits, regulatory inquiries, and executive reporting related to security incidents. Executive Cross-Functional Coordination Serve as the primary incident response interface to: CISO and executive leadership Legal, Privacy, Compliance, and Communications teams Infrastructure, Network, IT, Platform, and Engineering leadership Deliver clear, factual, and risk-based incident briefings to senior leadership. Support customer and partner communications when security incidents impact trust or service availability. Program Development Continuous Improvement Support Nebius’ incident response program, including: Playbooks and runbooks Tabletop exercises and simulations Red/blue/purple team coordination Drive lessons-learned processes and ensure findings result in measurable control improvements. Define and track incident response KPIs (MTTD, MTTR, containment effectiveness). Required Qualifications: Experience 8+ years in cybersecurity, with significant hands-on incident response leadership experience. Proven experience leading large-scale, high-impact security incidents in cloud or infrastructure-heavy environments. Experience operating in regulated or compliance-driven environments (SOC, ISO, financial services, cloud providers, etc.). Technical Expertise Strong understanding of: Cloud security architectures Network security, IAM, endpoint security, and logging pipelines Threat actor tactics, techniques, and procedures (MITRE ATTCK) Practical experience with SIE ... (truncated, view full listing at source)