Incident Response Lead

Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.

Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.

Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.

• →
  Lead and coordinate of security incidents across Nebius’ cloud, infrastructure, and corporate environments.
• →
  Act as Incident Commander during major incidents, driving containment, eradication, and recovery efforts.
• →
  Support and maintain clear incident classification, escalation, and decision-making frameworks.
• →
  Ensure 24/7 readiness through on-call structures, runbooks, and playbooks.

• →
  Oversee advanced incident triage and forensic investigations across:
• →
  Cloud platforms
• →
  Network and perimeter security
• →
  Identity and access systems
• →
  Supply chain and third-party risks
• →
  Partner with SOC, Threat Intelligence, and Threat Hunting teams to improve detection fidelity and reduce MTTR.
• →
  Ensure evidence handling meets legal, regulatory, and forensic standards.
• →
  Lead regulatory-ready incident documentation, timelines, and root cause analysis (RCA).
• →
  Support audits, regulatory inquiries, and executive reporting related to security incidents.

• →
  Serve as the primary incident response interface to:
• →
  CISO and executive leadership
• →
  Legal, Privacy, Compliance, and Communications teams
• →
  Infrastructure, Network, IT, Platform, and Engineering leadership
• →
  Deliver clear, factual, and risk-based incident briefings to senior leadership.
• →
  Support customer and partner communications when security incidents impact trust or service availability.

• →
  Support Nebius’ incident response program, including:
• →
  Playbooks and runbooks
• →
  Tabletop exercises and simulations
• →
  Red/blue/purple team coordination
• →
  Drive lessons-learned processes and ensure findings result in measurable control improvements.
• →
  Define and track incident response KPIs (MTTD, MTTR, containment effectiveness).

• →
  8+ years in cybersecurity, with significant hands-on incident response leadership experience.
• →
  Proven experience leading large-scale, high-impact security incidents in cloud or infrastructure-heavy environments.
• →
  Experience operating in regulated or compliance-driven environments (SOC, ISO, financial services, cloud providers, etc.).

• →
  Strong understanding of:
• →
  Cloud security architectures
• →
  Network security, IAM, endpoint security, and logging pipelines
• →
  Threat actor tactics, techniques, and procedures (MITRE ATT&CK)
• →
  Practical experience with SIEM, SOAR, EDR, NDR, and forensic tooling.
• →
  Ability to validate technical findings independently and challenge assumptions.

• →
  Demonstrated ability to lead under pressure and make high-quality decisions with incomplete data.
• →
  Clear, concise communicator capable of briefing executives and non-technical stakeholders.
• →
  Strong cross-functional leadership skills without relying on direct authority.

Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI 

Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.

Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire. 

If you need accommodations during the application process, please let us know.