# Detection Engineering & Response Lead

Remote from[Europe](https://jobicy.com/job-region/europe.md)Annual salary Undisclosed Salary information is not provided for this position.
Check our [Salary Directory](https://jobicy.com/salaries.md) to estimate the average compensation for similar roles.Department  [Cybersecurity](https://jobicy.com/categories/cybersecurity.md) Employment type Full Time, Job posted7 Jul 2026Apply before7 Aug 2026Experience level  Senior
Views / Applies 34 / 0 [About company](https://jobicy.com/company/nebius.md)

* Share About [Nebius](https://jobicy.com/company/nebius.md)

Nebius is the AI cloud company, delivering a unified platform that spans the complete AI journey from data and model training and tuning to production runtime and deployment.

[Computer Software](https://jobicy.com/company-category/software.md)
*  2023

Actively Hiring  Verified job posting This job post has been [manually reviewed](https://jobicy.com/tools/help-center/employee/how-does-jobicy-verify-the-legitimacy-of-remote-job-listings.md) for authenticity and compliance.

###  AI Summary

Nebius is seeking a Detection Engineering & Response Lead to build and run their D&R capability from the ground up. This role involves leading detection engineering, threat intelligence, and incident response functions across the cloud platform. The ideal candidate will have 6+ years in security operations, deep experience with cloud-native environments, and strong detection engineering skills. They will own the development of detection coverage, incident response processes, and D&R metrics. This is a high-impact leadership role at a growing Nasdaq-listed AI cloud infrastructure company.

### Role DNA

Job Complexity Easy Hard Pace & Pressure Relaxed Fast-paced Autonomy Level Guided Full Ownership Communication Load Independent Highly Collaborative

AI Insight The role requires building a D&R capability from scratch, leading a team, and handling complex incidents across cloud and bare-metal environments, making it highly challenging.

### Salary Analysis

Median  Highly Competitive  $175,000US Market $120k – 220k 0 $242k      AI Insight Since no salary was provided, the median is estimated at $175,000 based on US market data for similar senior detection engineering and incident response lead roles. This is competitive for a leadership position at a scaling cloud infrastructure company.

### Core Skills Required

[Detection Engineering](https://jobicy.com/jobs?search_keywords=Detection+Engineering.md) [Incident Response](https://jobicy.com/jobs?search_keywords=Incident+Response.md) [Threat Intelligence](https://jobicy.com/jobs?search_keywords=Threat+Intelligence.md) [Cloud Security](https://jobicy.com/jobs?search_keywords=Cloud+Security.md) [Kubernetes](https://jobicy.com/jobs?search_keywords=Kubernetes.md) [SIEM](https://jobicy.com/jobs?search_keywords=SIEM.md) [SOAR](https://jobicy.com/jobs?search_keywords=SOAR.md) [MITRE ATT&CK](https://jobicy.com/jobs?search_keywords=MITRE+ATTCK.md) [Golang](https://jobicy.com/jobs?search_keywords=Golang.md) [Forensics](https://jobicy.com/jobs?search_keywords=Forensics.md)

### Cover Letter Sample

Dear Hiring Manager,

I am excited to apply for the Detection Engineering & Response Lead role at Nebius. With over 8 years in security operations and incident response, I have built and led D&R teams that achieved full MITRE ATT&CK coverage and automated response workflows. My experience includes architecting detection pipelines in cloud-native environments like Kubernetes and deploying SOAR playbooks using Golang and Temporal.

At my previous role, I reduced MTTD by 40% through improved detection engineering and integrated threat intelligence into IR processes. I am adept at balancing engineering and compliance needs, leading post-incident reviews, and driving metrics-driven improvements. Nebius's mission to power AI infrastructure aligns perfectly with my expertise in securing large-scale distributed systems.

I am eager to bring my hands-on technical skills and leadership to build a world-class D&R program at Nebius. Thank you for considering my application.

Sincerely,
[Your Name]

Copy

### Sample Interview Questions

How would you approach building a detection coverage baseline for a new cloud environment with multiple services?I would start by mapping out the attack surface using the MITRE ATT&CK framework and prioritizing based on threat intelligence relevant to cloud infrastructure. Then, I'd implement logging coverage for critical sources like Kubernetes audit logs, cloud API logs, and network flows. I'd develop detection rules using a combination of sigma rules and custom queries, ensuring low false positives through tuning. Finally, I'd establish a process for continuous improvement via red team exercises and feedback from incident response.Describe an incident you led from detection to post-mortem. What was your role and outcome?I led an incident involving a cryptocurrency miner on a Kubernetes cluster. I scoped the breach by analyzing misconfigured RBAC and container images, contained by isolating affected nodes, and removed the malware. Root cause was lack of image scanning. Post-mortem led to automated image scanning and admission controllers. Outcome: reduced MTTD by 30% and strengthened security posture.How do you prioritize detection rules when resources are limited?I prioritize based on risk: critical assets, commonly exploited TTPs from threat intel, and compliance requirements. I use a scoring system considering likelihood and impact. High-priority rules are developed first, with continuous tuning to reduce noise. I also leverage automation to streamline rule deployment and maintenance.Explain how you would integrate threat intelligence into detection engineering to improve coverage.I would operationalize threat intelligence by tracking adversary TTPs relevant to our environment, such as those targeting cloud infrastructure. I'd create detection rules for behaviors like compromised API keys, abnormal network traffic to known C2s, and use of common tools like Mimikatz. I also feed indicators into SIEM for automated correlation, and update intelligence sources regularly.How do you handle false positives and ensure your detection pipeline remains effective at scale?I implement a feedback loop with analysts to continuously tune rules. I use data analytics to identify patterns in false positives and adjust thresholds or attributes. Automation can suppress known benign activities. Regular reviews of detection coverage and false positive rates are reported to stakeholders. I also use SOAR to automate enrichment and reduce alert fatigue.  About Nebius:

Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.

Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.

Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.

The Role

We’re hiring a Detection Engineering & Response Lead to build and run our D&R capability from the ground up. You’ll own the detection engineering, threat intelligence, and incident response functions across Nebius Cloud – and lead a small, growing team of analysts and engineers.

This is a lead engineering role responsible for detection development, handling the most complex security incidents, forensics, and shaping the D&R strategy.

What you’ll do

*

Lead detection development: achieve full MITRE coverage, maintain low false-positive and false-negative rates. Work closely with alerts consumers (20+ teams) to keep noise low and signal high, ensuring they can act quickly without missing genuine threats.

*

Architect and operate detection coverage across our cloud and bare-metal environments

*

Build and extend our internal D&R tools and pipelines – onboard new logs, build and automate response runbooks.

*

Integrate threat intelligence into detection logic and IR playbooks, tracking adversary TTPs relevant to Cloud infrastructure

*

Lead incident response end-to-end: scoping, containment, root cause analysis, post-incident reviews and controlling critical action items are closed to prevent future possible incidents.

*

Partner with Compliance and Engineering teams to detect real threats while meeting the needs of both engineers and regulators.

*

Define and report on D&R metrics: MTTD, MTTR, detection coverage, false positive rates, etc.

*

Build and maintain Security Incident Response program: people, processes, tools.

*

Build tools, runbooks, and on-call processes that scale as the company grows.

What we look for

*

6+ years in security operations, detection engineering, or incident response — with at least 1–2 years leading or mentoring a team.

*

Deep hands-on experience with cloud-native environments (Kubernetes, Linux workloads, container-based infrastructure).

*

Strong detection engineering skills: writing and tuning rules/detections in SIEM platforms (e.g., Chronicle, Splunk, Elastic) and SQL.

*

Experience building or operating SOAR workflows and automating response at scale (ideally with Golang and Temporal).

*

Working knowledge of threat intelligence frameworks (MITRE ATT&CK, Pyramid of Pain, Kill Chain) and how to operationalize them in detections.

*

Solid IR fundamentals: memory forensics, log analysis, network traffic analysis, and post-incident reporting.

*

Stakeholder management: able to coordinate across engineers, compliance, legal, executives during active incident phase. Serve as the primary owner and driver for complex changes, as a result of incidents post-mortem.

Nice to have:

*

Experience with AI/ML and GPU clusters related threats.

*

Familiarity with eBPF-based detection or runtime security tooling (Falco, Tetragon).

*

Background in threat hunting.

Why this role at Nebius

*

Build D&R at a company scaling from startup to global infrastructure provider in real time.

*

Ability to evolve our internal D&R platform into a new cloud security product, delivering novel security observability for a range of neocloud customers – from big tech to AI startups.

*

Work alongside world-class engineers on infrastructure that powers frontier AI.

*

Competitive compensation with equity upside in a Nasdaq-listed, high-growth company.

*

Flexible, remote-first culture.

Benefits & Perks:

* Competitive compensation
* Career growth and learning opportunities
* Flexibility and ownership
* Collaborative and innovative culture
* Opportunity to work on impactful AI projects
* International environment and talented teams

What’s it like to work at Nebius:

Fast moving – Bold thinking – Constant growth – Meaningful impact – Trust and real ownership – Opportunity to shape the future of AI

Equal Opportunity Statement:

Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.

Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.

If you need accommodations during the application process, please let us know.

Show more

[Apply now >](https://jobicy.com/jobs/148918-detection-engineering-response-lead.md)

>  Annual salary information is not provided for this position. Explore salary ranges for similar roles in our [Salary Directory ›](https://jobicy.com/salaries.md)

*

![Upload CV](data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NSIgaGVpZ2h0PSI2NSIgZmlsbD0ibm9uZSIgeG1sbnM6dj0iaHR0cHM6Ly92ZWN0YS5pby9uYW5vIj48ZyBjbGlwLXBhdGg9InVybCgjQSkiPjxwYXRoIGQ9Ik0wIDBINjVWNjVIMFYwWiIgZmlsbD0iIzAyOWFlYiIvPjxnIGZpbGw9IiNmZmYiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLXdpZHRoPSIyIj48cGF0aCBkPSJNMzMuMDQ5IDE1LjQ1NGExLjQzIDEuNDMgMCAwIDAtMi4wOTcgMGwtNy41NzkgOC4xNDdhMS4zOCAxLjM4IDAgMCAwIC4wOSAxLjk3MyAxLjQ0IDEuNDQgMCAwIDAgMi4wMDgtLjA4OGw1LjEwOS01LjQ5MnYyMC42MWExLjQxIDEuNDEgMCAwIDAgMS40MjEgMS4zOTdjLjc4NSAwIDEuNDIxLS42MjUgMS40MjEtMS4zOTd2LTIwLjYxbDUuMTA5IDUuNDkyYTEuNDQgMS40NCAwIDAgMCAyLjAwOC4wODggMS4zOCAxLjM4IDAgMCAwIC4wOS0xLjk3M2wtNy41NzktOC4xNDZ6TTE2Ljc2OSAzOC40YzAtLjc3My0uNjItMS40LTEuMzg1LTEuNFMxNCAzNy42MjcgMTQgMzguNHYuMTAybC4yMTUgNi4yMjljLjIyMyAxLjY4LjcwMSAzLjA5NSAxLjgxMyA0LjIxOHMyLjUxIDEuNjA3IDQuMTcyIDEuODMzYzEuNi4yMTggMy42MzYuMjE4IDYuMTYuMjE4aDExLjI4bDYuMTYtLjIxOGMxLjY2Mi0uMjI2IDMuMDYxLS43MDkgNC4xNzItMS44MzNzMS41ODktMi41MzggMS44MTMtNC4yMThDNTAgNDMuMTEzIDUwIDQxLjA1NSA1MCAzOC41MDNWMzguNGMwLS43NzMtLjYyLTEuNC0xLjM4NS0xLjRzLTEuMzg1LjYyNy0xLjM4NSAxLjRsLS4xOSA1Ljk1OGMtLjE4MiAxLjM3LS41MTUgMi4wOTUtMS4wMjYgMi42MTJzLTEuMjI4Ljg1My0yLjU4MyAxLjAzOGMtMS4zOTUuMTktMy4yNDMuMTkzLTUuODkzLjE5M0gyNi40NjJjLTIuNjUgMC00LjQ5OC0uMDAzLTUuODkzLS4xOTMtMS4zNTUtLjE4NC0yLjA3Mi0uNTIxLTIuNTgzLTEuMDM4cy0uODQ0LTEuMjQyLTEuMDI2LTIuNjEyYy0uMTg3LTEuNDEtLjE5MS0zLjI3OS0uMTkxLTUuOTU4eiIvPjwvZz48L2c+PGRlZnM+PGNsaXBQYXRoIGlkPSJBIj48cGF0aCBmaWxsPSIjZmZmIiBkPSJNMCAwaDY1djY1SDB6Ii8+PC9jbGlwUGF0aD48L2RlZnM+PC9zdmc+)

### Upload your resume now

To unlock remote work opportunities and be discovered by global employers.

This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.

## How to apply

## See a few more

Similar Cybersecurity remote jobs

*
![NBCUniversal logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/836510d4-221-2.jpg)

NBCUniversal

### [Senior Cyber Incident Response Engineer](https://jobicy.com/jobs/148883-senior-cyber-incident-response-engineer.md)

Company DescriptionNBCUniversal is one of the world’s leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 140k-175k/year*
![Voyage Privé logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/07/2b1f24db-221.png)

Voyage Privé

### [Security Engineer – Full Remote (France) or Hybrid](https://jobicy.com/jobs/145653-security-engineer-full-remote-france-or-hybrid.md)

Company Description✨ About Voyage PrivéBorn in France in 2006, Voyage Privé has grown from an ambitious startup into becoming the Europe’s leading travel tech platform. Operating across 9 markets with…

![France flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/fr.svg)
FR•Full TimeNEW*
![Southwest Airlines logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/4205621b-221.png)

Southwest Airlines

### [Sr Manager Cybersecurity](https://jobicy.com/jobs/148820-sr-manager-cybersecurity.md)

Department:TechnologyOur Company PromiseWe are committed to provide our Employees a stable work environment with equal opportunity for learning and personal growth. Creativity and innovation are encouraged for improving the effectiveness…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 177,050-196,700/year*
![Liberty Mutual logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2021/08/a0f68d769896c0f098621799a6396382.jpeg)

Liberty Mutual

### [Assistant Director or Director, Global Cyber Insurance Strategy & Alignment](https://jobicy.com/jobs/148623-assistant-director-or-director-global-cyber-insurance-strategy-alignment.md)

Description Liberty Mutual Insurance is seeking a dynamic and highly motivated Assistant Director or Director to join our Global Cyber Insurance Strategy & Alignment team. This multifaceted role blends program…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeJul 3*
![ERNI logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2026/07/e3fa52100780-221.webp)

ERNI

### [Cybersecurity Analyst (Entry Level)](https://jobicy.com/jobs/148516-cybersecurity-analyst-entry-level.md)

ERNI is a fast-growing Software Development company headquartered and founded in Switzerland in 1994, with more than 800 employees. We are highly specialized in IT & software engineering to enable and…

![Philippines flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/ph.svg)
PH•Full TimeJul 3*
![Smartsheet logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/8b6103bd-221.jpg)

Smartsheet

### [Senior Security Engineer II, Application Security (Remote Eligible)](https://jobicy.com/jobs/147873-senior-security-engineer-ii-application-security-remote-eligible.md)

For over 20 years, Smartsheet has empowered teams to manage work seamlessly and scale solutions smarter. Now, in our most ambitious chapter yet, we are uniting human teams with AI…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 175k-245k/year*
![Vercel logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/a6aded72-221.png)

Vercel

### [Security Software Engineer, IAM](https://jobicy.com/jobs/147750-security-software-engineer-iam.md)

About Vercel: Vercel is the agentic infrastructure company. We free people and agents to ship what’s next. For more than a decade, Vercel has shaped how the web is built….

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 208k-312k/year*
![Synthesia logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2026/06/c69aad11-221.webp)

Synthesia

### [Application Security Engineering Manager](https://jobicy.com/jobs/146803-application-security-engineering-manager.md)

Synthesia is the world’s leading AI video platform for business, used by over 90% of the Fortune 100. Founded in 2017, the company is headquartered in London, with offices and…

![UK flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/gb.svg)

![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg)
GB, EU•Full TimeJun 16*
![Nebius logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2026/06/d90c0566-221.webp)

Nebius

### [Application Security Engineer](https://jobicy.com/jobs/146769-application-security-engineer-2.md)

About Nebius: Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from…

![UK flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/gb.svg)

![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg)
GB, EU +3 more, DE, NL, CZ•Full TimeEUR 75k-240k/year*
![Experian logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2021/09/dcc5b29a570bb19b9f5c3e150db2fdfe.jpg)

Experian

### [Cyber Defense Senior Analyst](https://jobicy.com/jobs/146651-cyber-defense-senior-analyst.md)

Company DescriptionExperian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare,…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeJun 16
[More Jobs](https://jobicy.com/jobs.md)