Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Nebius Group

Detection Engineering Lead

Nebius Group

Lead Detection Engineering & Response at Nebius, building D&R capabilities in cloud security. Overseeing detection improvements and incident response strategies with a team.

Posted 7/6/2026full-timeRemote • 🇪🇺 Anywhere in EuropeSeniorWebsite

Tech Stack

Tools & technologies
CloudGoKubernetesLinuxSplunkSQL

About the role

Key responsibilities & impact
  • Lead detection development: achieve full MITRE coverage, maintain low false-positive and false-negative rates. Work closely with alerts consumers (20+ teams) to keep noise low and signal high, ensuring they can act quickly without missing genuine threats.
  • Architect and operate detection coverage across our cloud and bare-metal environments.
  • Build and extend our internal D&R tools and pipelines - onboard new logs, build and automate response runbooks.
  • Integrate threat intelligence into detection logic and IR playbooks, tracking adversary TTPs relevant to Cloud infrastructure.
  • Lead incident response end-to-end: scoping, containment, root cause analysis, post-incident reviews and controlling critical action items are closed to prevent future possible incidents.
  • Partner with Compliance and Engineering teams to detect real threats while meeting the needs of both engineers and regulators.
  • Define and report on D&R metrics: MTTD, MTTR, detection coverage, false positive rates, etc.
  • Build and maintain Security Incident Response program: people, processes, tools.
  • Build tools, runbooks, and on-call processes that scale as the company grows.

Requirements

What you’ll need
  • 6+ years in security operations, detection engineering, or incident response — with at least 1–2 years leading or mentoring a team.
  • Deep hands-on experience with cloud-native environments (Kubernetes, Linux workloads, container-based infrastructure).
  • Strong detection engineering skills: writing and tuning rules/detections in SIEM platforms (e.g., Chronicle, Splunk, Elastic) and SQL.
  • Experience building or operating SOAR workflows and automating response at scale (ideally with Golang and Temporal).
  • Working knowledge of threat intelligence frameworks (MITRE ATT&CK, Pyramid of Pain, Kill Chain) and how to operationalize them in detections.
  • Solid IR fundamentals: memory forensics, log analysis, network traffic analysis, and post-incident reporting.
  • Stakeholder management: able to coordinate across engineers, compliance, legal, executives during active incident phase. Serve as the primary owner and driver for complex changes, as a result of incidents post-mortem.

Benefits

Comp & perks
  • Competitive compensation
  • Career growth and learning opportunities
  • Flexibility and ownership
  • Collaborative and innovative culture
  • Opportunity to work on impactful AI projects
  • International environment and talented teams

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Detection DevelopmentRule Writing and TuningSQLMemory ForensicsLog AnalysisNetwork Traffic AnalysisPost-Incident ReportingSOAR WorkflowsAutomationMITRE ATT&CK
Soft Skills
Stakeholder ManagementTeam LeadershipCoordination