Incident Response Lead

<div class="content-intro"><p><strong data-stringify-type="bold">Why work at Nebius<br></strong>Nebius is leading a new era in cloud computing to serve the global AI economy. We create the tools and resources our customers need to solve real-world challenges and transform industries, without massive infrastructure costs or the need to build large in-house AI/ML teams. Our employees work at the cutting edge of AI cloud infrastructure alongside some of the most experienced and innovative leaders and engineers in the field.</p> <p><strong>Where we work<br></strong>Headquartered in Amsterdam and listed on Nasdaq, Nebius has a global footprint with R&amp;D hubs across Europe, North America, and Israel. The team of over 1400 employees includes more than 400 highly skilled engineers with deep expertise across hardware and software engineering, as well as an in-house AI R&amp;D team.</p></div><div class="elementToProof">&nbsp;</div> <div class="elementToProof"><strong>Role Overview</strong></div> <div class="elementToProof">&nbsp;</div> <div class="elementToProof">Nebius is seeking an Incident Response Lead&nbsp;to own and mature the company’s global cyber incident response capability. This role sits within the CISO Office&nbsp;and is accountable for response execution, post-incident learning, and executive-level coordination&nbsp;across Nebius’ cloud, infrastructure, and platform environments.</div> <div class="elementToProof">&nbsp;</div> <div class="elementToProof">The Incident Response Lead will act as the single accountable owner&nbsp;for high-severity security incidents, ensuring rapid containment, accurate impact assessment, regulatory-compliant communications, and continuous improvement of detection and response capabilities.</div> <div class="elementToProof">This role requires deep technical expertise, strong crisis leadership, and the ability to operate under pressure in highly regulated, high-availability environments.</div> <p><strong>Key Responsibilities</strong></p> <div class="elementToProof"><span style="text-decoration: underline;">Incident Response Leadership</span></div> <ul data-start="1418" data-end="1838"> <li> <div class="elementToProof">Lead and coordinate of security incidents&nbsp;across Nebius’ cloud, infrastructure, and corporate environments.</div> </li> <li> <div class="elementToProof">Act as Incident Commander&nbsp;during major incidents, driving containment, eradication, and recovery efforts.</div> </li> <li> <div class="elementToProof">Support and maintain clear incident classification, escalation, and decision-making frameworks.</div> </li> <li> <div class="elementToProof">Ensure 24/7 readiness through on-call structures, runbooks, and playbooks.</div> </li> </ul> <div class="elementToProof"><span style="text-decoration: underline;">Detection, Triage, and Investigation</span></div> <ul data-start="1885" data-end="2299"> <li> <div class="elementToProof">Oversee advanced incident triage and forensic investigations across:</div> </li> <ul data-start="1958" data-end="2106"> <li> <div class="elementToProof">Cloud platforms</div> </li> <li> <div class="elementToProof">Network and perimeter security</div> </li> <li> <div class="elementToProof">Identity and access systems</div> </li> <li> <div class="elementToProof">Supply chain and third-party risks</div> </li> </ul> <li> <div class="elementToProof">Partner with SOC, Threat Intelligence, and Threat Hunting teams to improve detection fidelity and reduce MTTR.</div> </li> <li> <div class="elementToProof">Ensure evidence handling meets legal, regulatory, and forensic standards.</div> </li> <li> <div class="elementToProof">Lead regulatory-ready incident documentation, timelines, and root cause analysis (RCA).</div> </li> <li> <div class="elementToProof">Support audits, regulatory inquiries, and executive reporting related to security incidents.</div> </li> </ul> <div class="elementToProof"><span style="text-decoration: underline;">Executive &amp; Cross-Functional Coordination</span></div> <ul data-start="2830" data-end="3226"> <li> <div class="elementToProof">Serve as the primary incident response interface to:</div> </li> <ul data-start="2887" data-end="3032"> <li> <div class="elementToProof">CISO and executive leadership</div> </li> <li> <div class="elementToProof">Legal, Privacy, Compliance, and Communications teams</div> </li> <li> <div class="elementToProof">Infrastructure, Network, IT, Platform, and Engineering leadership</div> </li> </ul> <li> <div class="elementToProof">Deliver clear, factual, and risk-based incident briefings&nbsp;to senior leadership.</div> </li> <li> <div class="elementToProof">Support customer and partner communications when security incidents impact trust or service availability.</div> </li> </ul> <div class="elementToProof"><span style="text-decoration: underline;">Program Development &amp; Continuous Improvement</span></div> <ul data-start="3281" data-end="3634"> <li> <div class="elementToProof">Support Nebius’ incident response program, including:</div> </li> <ul data-start="3353" data-end="3454"> <li> <div class="elementToProof">Playbooks and runbooks</div> </li> <li> <div class="elementToProof">Tabletop exercises and simulations</div> </li> <li> <div class="elementToProof">Red/blue/purple team coordination</div> </li> </ul> <li> <div class="elementToProof">Drive lessons-learned processes and ensure findings result in measurable control improvements.</div> </li> <li> <div class="elementToProof">Define and track incident response KPIs (MTTD, MTTR, containment effectiveness).</div> </li> </ul> <div class="elementToProof"><strong>Required Qualifications:</strong></div> <div class="elementToProof">&nbsp;</div> <div class="elementToProof">Experience</div> <ul data-start="3692" data-end="4043"> <li> <div class="elementToProof">8+ years in cybersecurity, with significant hands-on incident response leadership&nbsp;experience.</div> </li> <li> <div class="elementToProof">Proven experience leading large-scale, high-impact security incidents&nbsp;in cloud or infrastructure-heavy environments.</div> </li> <li> <div class="elementToProof">Experience operating in regulated or compliance-driven environments&nbsp;(SOC, ISO, financial services, cloud providers, etc.).</div> </li> </ul> <div class="elementToProof">Technical Expertise</div> <ul data-start="4073" data-end="4456"> <li> <div class="elementToProof">Strong understanding of:</div> </li> <ul data-start="4102" data-end="4302"> <li> <div class="elementToProof">Cloud security architectures</div> </li> <li> <div class="elementToProof">Network security, IAM, endpoint security, and logging pipelines</div> </li> <li> <div class="elementToProof">Threat actor tactics, techniques, and procedures (MITRE ATT&amp;CK)</div> </li> </ul> <li> <div class="elementToProof">Practical experience with SIEM, SOAR, EDR, NDR, and forensic tooling.</div> </li> <li> <div class="elementToProof">Ability to validate technical findings independently and challenge assumptions.</div> </li> </ul> <div class="elementToProof">Leadership &amp; Communication</div> <ul data-start="4493" data-end="4766"> <li> <div class="elementToProof">Demonstrated ability to lead under pressure and make high-quality decisions with incomplete data.</div> </li> <li> <div class="elementToProof">Clear, concise communicator capable of briefing executives and non-technical stakeholders.</div> </li> <li> <div class="elementToProof">Strong cross-functional leadership skills without relying on direct authority.</div> </li> </ul> <p>&nbsp;</p> <p>&nbsp;</p><div class="content-conclusion"><p><strong>What we offer</strong>&nbsp;</p> &l