Role Overview

Nebius is seeking a Detection & Response Manager to lead and mature our security operations and adversary defense capabilities.

This role owns SOC operations, incident response, red teaming, and security automation (SIEM & SOAR) across cloud, data center, and enterprise environments.

The ideal candidate combines operational excellence, threat-adversary thinking, and automation-first execution.

Key Responsibilities

Security Operations Center (SOC) Leadership

• Own day-to-day SOC operations across cloud, data center, and corporate environments

• Define detection strategy aligned to Nebius threat models and crown jewels

• Ensure high-quality alerting, triage, escalation, and reporting

• Continuously reduce false positives and alert fatigue

Incident Response & Crisis Management

• Lead end-to-end incident response for high-severity security incidents

• Own incident command during crises (technical, executive, and regulatory coordination)

• Ensure post-incident reviews lead to real control improvements

• Maintain and regularly test incident response playbooks

Red Team & Adversarial Testing

• Manage red team and purple team activities (internal and external)

• Translate real-world adversary TTPs into detection and response improvements

• Ensure findings from red team exercises are remediated and verified

• Partner with product, cloud, and physical security teams on attack simulations

SOC Automation (SIEM & SOAR)

• Own SIEM and SOAR strategy, architecture, and roadmap

• Drive automation of detection, enrichment, response, and reporting

• Integrate identity, cloud, CI/CD, and physical security telemetry

• Measure SOC effectiveness using MTTD, MTTR, and coverage metrics

Threat Intelligence & Continuous Improvement

• Operationalize threat intelligence into detections and playbooks

• Track emerging threats relevant to cloud, AI, and infrastructure providers

• Continuously improve detection coverage against prioritized attack paths

What Success Looks Like (12 Months)

• Measurable reduction in MTTD and MTTR for high-severity incidents

• Majority of high-risk incidents detected internally, not externally

• Red team findings consistently detected and contained

• SOC automation meaningfully reduces manual effort

• Clear, trusted security reporting to CISO and leadership

Required Qualifications

• 7+ years in security operations, incident response, or threat detection

• Proven experience leading a SOC or incident response function

• Strong experience with SIEM and SOAR platforms

• Deep understanding of:

• Cloud security 

• Identity-based attacks and detection

• Endpoint, network, and application telemetry

• Experience running or managing red team / purple team activities

• Calm, decisive leadership under pressure

Preferred Qualifications

• Experience in cloud service providers, hyperscale, or infrastructure companies

• Familiarity with GPU / HPC environments or large-scale data centers

• Experience with DORA, SOC 2, ISO 27001 incident requirements

• Background in threat hunting or offensive security

Key Skills & Attributes

• Adversary-minded: thinks like an attacker, not a tool operator

• Automation-first mindset

• Strong communicator during crises

• Data-driven decision making

• High ownership, low ego

Why Nebius

• Defend one of the most advanced AI and GPU cloud platforms

• Influence security architecture at scale

• Operate at the intersection of cloud, physical infrastructure, and regulation

• Build a modern, high-impact detection & response function

The role

Nebius is looking for an experienced Security Architect Manager to join the Cyber Security organization, reporting to the Head of Security Engineering uner the CISO.

This role is responsible for leading the organization’s security architecture across corporate networks and cloud environments, ensuring secure design and implementation of enterprise infrastructure at scale.

The ideal candidate combines deep expertise in network and cloud security with strong leadership capabilities. You will define and drive security architecture across hybrid environments, working closely with IT, Infrastructure, Network, DevOps, and Security teams to ensure robust, scalable, and resilient security controls.

Your responsibilities will include: 

• Lead and manage the security architecture domain, including security architects and/or senior engineers.
• Define and maintain security architecture standards, guidelines, and reference designs across corporate and cloud environments.
• Act as the primary authority on enterprise security architecture across networks, identity, endpoints, and cloud platforms.
• Design and evolve secure enterprise network architectures, including segmentation, Zero Trust, and hybrid connectivity.
• Define and enforce security controls for corporate networks, data centers, and remote access solutions (ZTNA, proxies, NAC).
• Lead architecture and selection of network security technologies (e.g., firewalls, secure gateways, access control solutions).
• Lead security architecture across cloud platforms and hybrid environments.
• Define secure reference architectures for cloud networking, identity, and workload protection.
• Ensure proper implementation of cloud security controls, including IAM, segmentation, encryption, and monitoring.
• Define security architecture for endpoints and identity, including EDR/XDR, device hardening, SSO, MFA, and privileged access.
• Ensure secure baseline configurations and access control mechanisms across corporate and cloud environments.
• Identify architectural risks and security gaps and drive mitigation strategies across infrastructure and cloud environments.
• Establish and enforce architecture review processes and governance for new systems and changes.
• Collaborate with SOC, Vulnerability Management, IT, and Infrastructure teams to improve overall security posture.
• Contribute to the cyber security strategy and roadmap, including adoption of modern models such as Zero Trust.

We expect you to have: 

• 7+ years of experience in cyber security, with a strong focus on network and cloud security.
• 2+ years of experience leading or managing security architects or senior security engineers.
• Deep expertise in enterprise network security (firewalls, segmentation, VPN, proxies, NAC, etc.).
• Strong hands-on experience with cloud platforms (AWS, GCP, Azure) and cloud security best practices.
• Strong understanding of identity and access management (IAM), Active Directory / Entra ID, and privileged access controls.
• Experience securing hybrid environments (on-premise + cloud).
• Hands-on experience with enterprise security technologies (e.g., Palo Alto, Check Point, Cisco, Zscaler, CrowdStrike, Microsoft Defender).
• Strong understanding of Zero Trust architecture principles.
• Experience working cross-functionally with IT, Infrastructure, Network, DevOps, and Security teams.
• Excellent analytical, problem-solving, and communication skills in English.

It will be an added bonus if you have: 

• Experience designing and implementing Zero Trust or network segmentation programs.
• Familiarity with cloud-native security tools (e.g., Wiz, Prisma Cloud, Defender for Cloud).
• Experience with enterprise identity platforms (Entra ID / Azure AD, Okta, etc.).
• Knowledge of regulatory and compliance frameworks (ISO 27001, SOC 2, NIST, etc.).
• Experience in large-scale enterprise or high-growth environments.
• Relevant certifications such as CISSP, CCSP, or equivalent.
• BSc in Computer Science, Information Security, or a related field.

The role

Nebius is looking for a an experienced SOC Manager to join the Cyber Security organization, reporting to the Head of Detection & Response under the CISO.

This role is responsible for leading the organization’s Security Operations Center (SOC), overseeing 24/7 monitoring, detection, and response activities across cloud, infrastructure, SaaS, and enterprise environments.

The ideal candidate is both operationally strong and strategically minded, with hands-on experience in security operations, incident response, and team leadership. You will drive continuous improvement of detection and response capabilities while ensuring effective collaboration with Security, DevOps, Infrastructure, and Engineering teams.

 You’re welcome to work in our offices in Tel Aviv.

Your responsibilities will include: 

SOC Operations Leadership

• Lead and manage day-to-day SOC operations, including monitoring, detection, triage, and incident response.
• Oversee security alerts and incidents across SIEM, EDR/XDR, cloud security, and other detection platforms.
• Ensure timely and effective response to security incidents in accordance with defined SLAs and severity levels.
• Manage SOC analysts (internal or external), including task prioritization, shift coverage, performance, and professional development.

Incident Response & Handling

• Own the full incident response lifecycle: detection, analysis, containment, eradication, and recovery.
• Act as the primary escalation point for complex or high-severity security incidents.
• Coordinate cross-functional response efforts with Security, IT, DevOps, Infrastructure, and Engineering teams.
• Ensure proper documentation, incident tracking, and execution of post-incident reviews (lessons learned).

Detection, Monitoring & Improvement

• Continuously improve detection capabilities, including development and tuning of use cases and alerting rules.
• Reduce false positives while increasing detection coverage, accuracy, and operational efficiency.
• Drive onboarding of new log sources and security telemetry into SIEM and monitoring platforms.
• Promote automation and orchestration (SOAR) to improve response times and reduce manual effort.

Governance, KPIs & Reporting

• Define, track, and report on SOC KPIs such as MTTD, MTTR, alert volumes, and incident trends.
• Build and maintain dashboards and executive-level reporting for the CISO and senior leadership.
• Develop and maintain SOC playbooks, runbooks, and standard operating procedures.
• Support audits, compliance activities, and alignment with security frameworks and policies.

We expect you to have: 

• 5+ years of experience in cyber security operations, SOC, or incident response roles.
• 2+ years of experience managing or leading SOC teams (internal or MSSP).
• Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) and EDR/XDR tools.
• Strong understanding of incident response processes and security operations workflows.
• Experience working in cloud environments (AWS, GCP, Azure) and modern infrastructure.
• Strong analytical and problem-solving skills with high attention to detail.
• Experience working cross-functionally with Security, DevOps, IT, and Engineering teams.

It will be an added bonus if you have: 

• Experience building or scaling SOC capabilities in a growing organization.
• Familiarity with SOAR platforms and security automation.
• Knowledge of threat intelligence and threat hunting methodologies.
• Experience working within a CISO organization or Security PMO.
• Familiarity with regulatory frameworks (ISO 27001, SOC 2, NIST, etc.).
• Background in SaaS, cloud-native environments, or large-scale enterprise systems.
• BSc in Computer Science, Information Security, or a related field.