FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Detection Engineering Lead
Nebius GroupLead Detection Engineering & Response at Nebius, building D&R capabilities in cloud security. Overseeing detection improvements and incident response strategies with a team.
Tech Stack
Tools & technologiesCloudGoKubernetesLinuxSplunkSQL
About the role
Key responsibilities & impact- Lead detection development: achieve full MITRE coverage, maintain low false-positive and false-negative rates. Work closely with alerts consumers (20+ teams) to keep noise low and signal high, ensuring they can act quickly without missing genuine threats.
- Architect and operate detection coverage across our cloud and bare-metal environments.
- Build and extend our internal D&R tools and pipelines - onboard new logs, build and automate response runbooks.
- Integrate threat intelligence into detection logic and IR playbooks, tracking adversary TTPs relevant to Cloud infrastructure.
- Lead incident response end-to-end: scoping, containment, root cause analysis, post-incident reviews and controlling critical action items are closed to prevent future possible incidents.
- Partner with Compliance and Engineering teams to detect real threats while meeting the needs of both engineers and regulators.
- Define and report on D&R metrics: MTTD, MTTR, detection coverage, false positive rates, etc.
- Build and maintain Security Incident Response program: people, processes, tools.
- Build tools, runbooks, and on-call processes that scale as the company grows.
Requirements
What you’ll need- 6+ years in security operations, detection engineering, or incident response — with at least 1–2 years leading or mentoring a team.
- Deep hands-on experience with cloud-native environments (Kubernetes, Linux workloads, container-based infrastructure).
- Strong detection engineering skills: writing and tuning rules/detections in SIEM platforms (e.g., Chronicle, Splunk, Elastic) and SQL.
- Experience building or operating SOAR workflows and automating response at scale (ideally with Golang and Temporal).
- Working knowledge of threat intelligence frameworks (MITRE ATT&CK, Pyramid of Pain, Kill Chain) and how to operationalize them in detections.
- Solid IR fundamentals: memory forensics, log analysis, network traffic analysis, and post-incident reporting.
- Stakeholder management: able to coordinate across engineers, compliance, legal, executives during active incident phase. Serve as the primary owner and driver for complex changes, as a result of incidents post-mortem.
Benefits
Comp & perks- Competitive compensation
- Career growth and learning opportunities
- Flexibility and ownership
- Collaborative and innovative culture
- Opportunity to work on impactful AI projects
- International environment and talented teams
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Detection DevelopmentRule Writing and TuningSQLMemory ForensicsLog AnalysisNetwork Traffic AnalysisPost-Incident ReportingSOAR WorkflowsAutomationMITRE ATT&CK
Soft Skills
Stakeholder ManagementTeam LeadershipCoordination