Detection & Response Manager

Nebius is seeking a Detection & Response Manager to lead and mature our security operations and adversary defense capabilities.

This role owns SOC operations, incident response, red teaming, and security automation (SIEM & SOAR) across cloud, data center, and enterprise environments.

The ideal candidate combines operational excellence, threat-adversary thinking, and automation-first execution.

Security Operations Center (SOC) Leadership

• Own day-to-day SOC operations across cloud, data center, and corporate environments

• Define detection strategy aligned to Nebius threat models and crown jewels

• Ensure high-quality alerting, triage, escalation, and reporting

• Continuously reduce false positives and alert fatigue

• Lead end-to-end incident response for high-severity security incidents

• Own incident command during crises (technical, executive, and regulatory coordination)

• Ensure post-incident reviews lead to real control improvements

• Maintain and regularly test incident response playbooks

• Manage red team and purple team activities (internal and external)

• Translate real-world adversary TTPs into detection and response improvements

• Ensure findings from red team exercises are remediated and verified

• Partner with product, cloud, and physical security teams on attack simulations

• Own SIEM and SOAR strategy, architecture, and roadmap

• Drive automation of detection, enrichment, response, and reporting

• Integrate identity, cloud, CI/CD, and physical security telemetry

• Measure SOC effectiveness using MTTD, MTTR, and coverage metrics

• Operationalize threat intelligence into detections and playbooks

• Track emerging threats relevant to cloud, AI, and infrastructure providers

• Continuously improve detection coverage against prioritized attack paths

• Measurable reduction in MTTD and MTTR for high-severity incidents

• Majority of high-risk incidents detected internally, not externally

• Red team findings consistently detected and contained

• SOC automation meaningfully reduces manual effort

• Clear, trusted security reporting to CISO and leadership

• 7+ years in security operations, incident response, or threat detection

• Proven experience leading a SOC or incident response function

• Strong experience with SIEM and SOAR platforms

• Deep understanding of:

• Cloud security 

• Identity-based attacks and detection

• Endpoint, network, and application telemetry

• Experience running or managing red team / purple team activities

• Calm, decisive leadership under pressure

• Experience in cloud service providers, hyperscale, or infrastructure companies

• Familiarity with GPU / HPC environments or large-scale data centers

• Experience with DORA, SOC 2, ISO 27001 incident requirements

• Background in threat hunting or offensive security

• Adversary-minded: thinks like an attacker, not a tool operator

• Automation-first mindset

• Strong communicator during crises

• Data-driven decision making

• High ownership, low ego

• Defend one of the most advanced AI and GPU cloud platforms

• Influence security architecture at scale

• Operate at the intersection of cloud, physical infrastructure, and regulation

• Build a modern, high-impact detection & response function