–
Vulnerability Operation Center Lead
Nebius
Remote • Penuh Waktu
Jadilah yang pertama mendaftar
- Pengalaman
- Setiap
- Gaji
- —
- Lowongan
- 1
- Diposting
- 4 jam yang lalu
- Mode kerja
- Bekerja dari rumah
- Melanjutkan
- Wajib mendaftar
Deskripsi pekerjaan
About Nebius:
Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.
Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.
Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.Vulnerability Operation CenterThe team maintains the full vulnerability management lifecycle - from detection and triage through remediation tracking and reporting - across Nebius's cloud infrastructure, product, and hardware stack. The team's focus is on improving vulnerability triaging capabilities and vulnerability data quality, driving effective remediation, and serving as the first line of response for the most critical zero-day vulnerabilities.The roleWe're building a Vulnerability Operations Center from the ground up and need a senior practitioner to lead it. You'll own the full vulnerability management lifecycle - from detection through triage to remediation tracking and reporting - across Nebius' cloud infrastructure, product and hardware stack. This is a high-impact role with big ownership: you'll define processes, select tooling, work directly with engineering teams, and set the standard for how Nebius responds to vulnerabilities.What You'll Do
Improve and maintain automated vulnerability triaging capabilities and vulnerability data quality through data enrichment (internal and external intelligence feeds), quality metrics, AI-assisted triage, context-aware risk scoring, and vulnerability correlation/chaining.
Hands-on validation and triaging of most critical/zero-days vulnerabilities
Work closely with vulnerability data consumers and stakeholders across the organization to meet engineering, compliance, and regulatory requirements by delivering high-quality, actionable findings and driving effective remediation.
Contribute to the development of internal platforms, including the Unified Vulnerability Management (UVM) system and the security orchestration platform, to automate core vulnerability management workflows and reduce manual effort.
Identify current deficiencies in patch management, drive and oversee improvements across engineering teams and business units to improve remediation efficiency and reduce organizational risk
Own vulnerability intake from all sources - scanners, bug bounty, threat intel feeds, and penetration tests
Prioritize findings using risk-based frameworks (CVSS, EPSS, SSVC, asset criticality, exploitability context, business impact) and reduce false positive noise
Drive remediation accountability across infrastructure, platform, and product engineering teams
Identify, track and report vulnerability management metrics, present KPIs and trends to security leadership
Coordinate response to critical/zero-day vulnerabilities, acting as the primary point of contact across security, engineering, and operations
Define and maintain integration between VOC tooling and the broader security ecosystem.
What We're Looking For
5–8 years in information security with at least 3 years focused on vulnerability management or security operations
Deep familiarity with vulnerability scanning tools and their strengths/limitations in cloud-native environments
Strong grasp of CVE/NVD, CVSS scoring, EPSS, SSVC and how to apply them to real-world prioritization
Experience managing vulnerabilities across IaaS/cloud infrastructure (AWS, GCP, Azure, or private cloud) - experience with GPU/HPC environments is a plus
Deep understanding of vulnerability sources limitations and corner cases for different vulnerability classes
Able to write and review code (ability or willingness to develop in Golang) - well enough to assess exploitability, validate fixes, and build lightweight automation (e.g., variant-detection scripts, triage tooling, data pipelines for trend analysis)
Strong grasp of common vulnerability classes at the code and infrastructure level.
Comfortable feeding well-documented vulnerability patterns into AI-assisted code review workflows and critically evaluating the output
Track record of working cross-functionally with engineering teams and holding stakeholders accountable to timelines without being a bottleneck
Strong written and verbal communication - able to translate technical risk into business impact for non-security audiences
Nice to Have
Experience building vulnerability management program from scratch
Familiarity with container and Kubernetes security
Experience with supply chain security (SBOMs, dependency scanning)
Bug bounty triage experience
Public talks or research articles
Why this role at Nebius
Build a Platform Security Vulnerability program from scratch and get to build and lead your own team while doing it
The potential to evolve an in-house AI-powered vulnerability management platform into a cloud security offering for Nebius customers
Work alongside world-class engineers on infrastructure that powers frontier AI.
Competitive compensation with equity upside in a Nasdaq-listed, high-growth company.
Flexible, remote-first culture
#LI-CP1Benefits & Perks:
Competitive compensation
Career growth and learning opportunities
Flexibility and ownership
Collaborative and innovative culture
Opportunity to work on impactful AI projects
International environment and talented teams
What's it like to work at Nebius:
Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI
Equal Opportunity Statement:
Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.
Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.
If you need accommodations during the application process, please let us know.
Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.
Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.
Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.Vulnerability Operation CenterThe team maintains the full vulnerability management lifecycle - from detection and triage through remediation tracking and reporting - across Nebius's cloud infrastructure, product, and hardware stack. The team's focus is on improving vulnerability triaging capabilities and vulnerability data quality, driving effective remediation, and serving as the first line of response for the most critical zero-day vulnerabilities.The roleWe're building a Vulnerability Operations Center from the ground up and need a senior practitioner to lead it. You'll own the full vulnerability management lifecycle - from detection through triage to remediation tracking and reporting - across Nebius' cloud infrastructure, product and hardware stack. This is a high-impact role with big ownership: you'll define processes, select tooling, work directly with engineering teams, and set the standard for how Nebius responds to vulnerabilities.What You'll Do
Improve and maintain automated vulnerability triaging capabilities and vulnerability data quality through data enrichment (internal and external intelligence feeds), quality metrics, AI-assisted triage, context-aware risk scoring, and vulnerability correlation/chaining.
Hands-on validation and triaging of most critical/zero-days vulnerabilities
Work closely with vulnerability data consumers and stakeholders across the organization to meet engineering, compliance, and regulatory requirements by delivering high-quality, actionable findings and driving effective remediation.
Contribute to the development of internal platforms, including the Unified Vulnerability Management (UVM) system and the security orchestration platform, to automate core vulnerability management workflows and reduce manual effort.
Identify current deficiencies in patch management, drive and oversee improvements across engineering teams and business units to improve remediation efficiency and reduce organizational risk
Own vulnerability intake from all sources - scanners, bug bounty, threat intel feeds, and penetration tests
Prioritize findings using risk-based frameworks (CVSS, EPSS, SSVC, asset criticality, exploitability context, business impact) and reduce false positive noise
Drive remediation accountability across infrastructure, platform, and product engineering teams
Identify, track and report vulnerability management metrics, present KPIs and trends to security leadership
Coordinate response to critical/zero-day vulnerabilities, acting as the primary point of contact across security, engineering, and operations
Define and maintain integration between VOC tooling and the broader security ecosystem.
What We're Looking For
5–8 years in information security with at least 3 years focused on vulnerability management or security operations
Deep familiarity with vulnerability scanning tools and their strengths/limitations in cloud-native environments
Strong grasp of CVE/NVD, CVSS scoring, EPSS, SSVC and how to apply them to real-world prioritization
Experience managing vulnerabilities across IaaS/cloud infrastructure (AWS, GCP, Azure, or private cloud) - experience with GPU/HPC environments is a plus
Deep understanding of vulnerability sources limitations and corner cases for different vulnerability classes
Able to write and review code (ability or willingness to develop in Golang) - well enough to assess exploitability, validate fixes, and build lightweight automation (e.g., variant-detection scripts, triage tooling, data pipelines for trend analysis)
Strong grasp of common vulnerability classes at the code and infrastructure level.
Comfortable feeding well-documented vulnerability patterns into AI-assisted code review workflows and critically evaluating the output
Track record of working cross-functionally with engineering teams and holding stakeholders accountable to timelines without being a bottleneck
Strong written and verbal communication - able to translate technical risk into business impact for non-security audiences
Nice to Have
Experience building vulnerability management program from scratch
Familiarity with container and Kubernetes security
Experience with supply chain security (SBOMs, dependency scanning)
Bug bounty triage experience
Public talks or research articles
Why this role at Nebius
Build a Platform Security Vulnerability program from scratch and get to build and lead your own team while doing it
The potential to evolve an in-house AI-powered vulnerability management platform into a cloud security offering for Nebius customers
Work alongside world-class engineers on infrastructure that powers frontier AI.
Competitive compensation with equity upside in a Nasdaq-listed, high-growth company.
Flexible, remote-first culture
#LI-CP1Benefits & Perks:
Competitive compensation
Career growth and learning opportunities
Flexibility and ownership
Collaborative and innovative culture
Opportunity to work on impactful AI projects
International environment and talented teams
What's it like to work at Nebius:
Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI
Equal Opportunity Statement:
Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.
Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.
If you need accommodations during the application process, please let us know.