SIEM Engineers Lead

Why work at Nebius Nebius is leading a new era in cloud computing to serve the global AI economy. We create the tools and resources our customers need to solve real-world challenges and transform industries, without massive infrastructure costs or the need to build large in-house AI/ML teams. Our employees work at the cutting edge of AI cloud infrastructure alongside some of the most experienced and innovative leaders and engineers in the field. Where we work Headquartered in Amsterdam and listed on Nasdaq, Nebius has a global footprint with RD hubs across Europe, North America, and Israel. The team of over 1400 employees includes more than 400 highly skilled engineers with deep expertise across hardware and software engineering, as well as an in-house AI RD team. The role Nebius is looking for a highly technical, hands-on SIEM Engineer Lead to design, implement, and optimize advanced Security Information and Event Management (SIEM) capabilities. This role is responsible for developing detection strategies, improving security visibility, and driving automation across security operations processes. The ideal candidate will combine deep SIEM expertise with strong analytical and engineering skills to enhance threat detection, incident response efficiency, and security monitoring maturity. This is not a people management position, you will provide technical guidance, mentorship, and direction to SOC analysts, security engineers, and cross-functional teams You’re welcome to work in our offices in Tel Aviv. Your responsibilities will include: Architect, deploy, and maintain enterprise SIEM platforms and related security monitoring infrastructure. Develop and optimize detection rules, correlation logic, and alert mechanisms to identify security threats and anomalous activity. Design and implement log ingestion pipelines, normalization, and enrichment processes across diverse data sources. Continuously improve detection coverage by analyzing threat intelligence, attacker techniques, and emerging vulnerabilities. Create and maintain dashboards, reports, and metrics to support security visibility and operational decision-making. Drive automation of security monitoring and response workflows using scripting, APIs, and orchestration tools. Perform tuning and performance optimization of SIEM platforms to ensure scalability and reliability. Conduct threat hunting activities and support complex security investigations using SIEM data. Collaborate with engineering, infrastructure, and security stakeholders to integrate new log sources and telemetry. Develop documentation, standards, and best practices for SIEM configuration, logging, and detection engineering. Create APIs and interfaces that enable AI agents to query SIEM, pull evidence, and execute actions We expect you to have: 5+ years of experience in cybersecurity with strong focus on SIEM engineering or security monitoring. Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, CrowdStrike, Elastic, or similar. Strong knowledge of log analysis,event correlation, and detection engineering . Experience with data pipelines, log parsing, and schema design . Experience with SOAR platforms and security automation . Experience with scripting or programming (e.g., Python, PowerShell, Bash) for automation and integrations. Solid understanding of network protocols, operating systems, cloud environments, and common attack techniques . Familiarity with frameworks such as MITRE ATTCK, NIST, or CIS for detection mapping and security controls . Experience integrating threat intelligence and security tools with SIEM platforms . Knowledge of cloud logging and monitoring (AWS, Azure, GCP). Strong knowledge of Kubernetes architecture and security concepts Experience with Terraform, CI/CD pipelines and Detection as code workflow It will be an added bonus if you have: Experience building and deploying LLM-based AI agents Experi ... (truncated, view full listing at source)