Vulnerability Operation Center Lead

Remote from
Europe
Annual salary
Undisclosed
Salary information is not provided for this position. Check our Salary Directory to estimate the average compensation for similar roles.
Department
Cybersecurity
Employment type
Full Time,
Job posted
Apply before
16 Aug 2026
Experience level
Senior
Views / Applies
15 / 1

About Nebius

Nebius is the AI cloud company, delivering a unified platform that spans the complete AI journey from data and model training and tuning to production runtime and deployment.

Actively Hiring
Verified job posting
This job post has been manually reviewed for authenticity and compliance.

AI Summary

Nebius is seeking a Vulnerability Operation Center Lead to build and lead a new vulnerability management team from the ground up. The role involves owning the full vulnerability lifecycle, from detection and triage to remediation tracking and reporting across cloud infrastructure, product, and hardware stacks. The ideal candidate will improve automated triaging, define processes, select tooling, and drive remediation accountability. This senior position requires 5–8 years in information security with at least 3 years in vulnerability management or security operations. The role offers high ownership and impact in a fast-paced, collaborative environment.

Role DNA

Job Complexity
Easy Hard
Pace & Pressure
Relaxed Fast-paced
Autonomy Level
Guided Full Ownership
Communication Load
Independent Highly Collaborative
AI Insight This role involves building a new Vulnerability Operations Center from scratch, requiring deep expertise in vulnerability management, cloud infrastructure, and cross-team coordination. The complexity of defining processes, selecting tooling, and handling critical zero-days makes it the hardest level.

Salary Analysis

Median Highly Competitive
$160,000
US Market
$120k – 200k
0 $220k
AI Insight The salary range is not provided, but based on the seniority and responsibilities (5-8 years experience, building a new team), the market median for similar roles is approximately $160,000. The offered salary may vary based on location and experience, but is expected to be competitive within the US market.

Dear Hiring Manager,

I am excited to apply for the Vulnerability Operation Center Lead position at Nebius. With over 7 years of experience in information security and a strong focus on vulnerability management, I have a proven track record of building and leading teams that drive effective remediation. I am particularly drawn to the opportunity to design and implement a new VOC from the ground up, aligning with Nebius's innovative AI cloud infrastructure.

In my previous role, I led vulnerability triage and remediation for a large cloud environment, reducing mean time to remediate by 40% through process automation and cross-team collaboration. I have deep expertise in risk-based prioritization frameworks like CVSS, EPSS, and SSVC, and I am adept at integrating threat intelligence feeds to improve data quality.

I am confident that my hands-on experience with cloud-native environments and my strategic approach to vulnerability management will enable me to make an immediate impact at Nebius. I look forward to the opportunity to discuss how I can contribute to your team.

Sincerely,
[Your Name]

How would you approach building a vulnerability management program from scratch in a cloud-native environment?
I would start by understanding the organization's assets and risk appetite, then define a vulnerability management policy. I'd select tools for scanning and prioritization, establish a triage process, and set up metrics like mean time to remediate. Automation and integration with existing workflows would be key to scalability.
Describe a time you had to drive remediation for a critical zero-day vulnerability across multiple engineering teams.
In my previous role, a critical zero-day in a widely used library required immediate patching. I coordinated with engineering to identify affected systems, prioritized based on asset criticality, and established a war room. We patched all critical systems within 48 hours and improved our zero-day response playbook.
How do you prioritize vulnerabilities when dealing with thousands of findings?
I use a risk-based approach combining CVSS, EPSS, SSVC, and asset criticality. I filter out false positives using contextual data and automation. I also consider exploitability and business impact, and I work with stakeholders to adjust priorities based on their feedback.
What metrics would you track to measure the effectiveness of a vulnerability management program?
Key metrics include mean time to detect (MTTD), mean time to remediate (MTTR),% of vulnerabilities patched within SLA, vulnerability backlog count, and false positive reduction rate. I also track trends in critical vulnerability discovery and remediation velocity.
How would you integrate threat intelligence feeds into your vulnerability triage process?
I would ingest feeds from sources like CISA, threat intelligence platforms, and crowd-sourced data. I'd correlate them with our asset inventory and prioritize vulnerabilities associated with active exploits. Automation can enrich findings with exploitability context and trigger alerts for high-risk items.

About Nebius:

Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.

Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.

Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.

Vulnerability Operation Center

The team maintains the full vulnerability management lifecycle – from detection and triage through remediation tracking and reporting – across Nebius’s cloud infrastructure, product, and hardware stack. The team’s focus is on improving vulnerability triaging capabilities and vulnerability data quality, driving effective remediation, and serving as the first line of response for the most critical zero-day vulnerabilities.

The role

We’re building a Vulnerability Operations Center from the ground up and need a senior practitioner to lead it. You’ll own the full vulnerability management lifecycle – from detection through triage to remediation tracking and reporting – across Nebius’ cloud infrastructure, product and hardware stack. This is a high-impact role with big ownership: you’ll define processes, select tooling, work directly with engineering teams, and set the standard for how Nebius responds to vulnerabilities.

What You’ll Do

  • Improve and maintain automated vulnerability triaging capabilities and vulnerability data quality through data enrichment (internal and external intelligence feeds), quality metrics, AI-assisted triage, context-aware risk scoring, and vulnerability correlation/chaining.
  • Hands-on validation and triaging of most critical/zero-days vulnerabilities
  • Work closely with vulnerability data consumers and stakeholders across the organization to meet engineering, compliance, and regulatory requirements by delivering high-quality, actionable findings and driving effective remediation.
  • Contribute to the development of internal platforms, including the Unified Vulnerability Management (UVM) system and the security orchestration platform, to automate core vulnerability management workflows and reduce manual effort.
  • Identify current deficiencies in patch management, drive and oversee improvements across engineering teams and business units to improve remediation efficiency and reduce organizational risk
  • Own vulnerability intake from all sources – scanners, bug bounty, threat intel feeds, and penetration tests
  • Prioritize findings using risk-based frameworks (CVSS, EPSS, SSVC, asset criticality, exploitability context, business impact) and reduce false positive noise
  • Drive remediation accountability across infrastructure, platform, and product engineering teams
  • Identify, track and report vulnerability management metrics, present KPIs and trends to security leadership
  • Coordinate response to critical/zero-day vulnerabilities, acting as the primary point of contact across security, engineering, and operations
  • Define and maintain integration between VOC tooling and the broader security ecosystem.

What We’re Looking For

  • 5–8 years in information security with at least 3 years focused on vulnerability management or security operations
  • Deep familiarity with vulnerability scanning tools and their strengths/limitations in cloud-native environments
  • Strong grasp of CVE/NVD, CVSS scoring, EPSS, SSVC and how to apply them to real-world prioritization
  • Experience managing vulnerabilities across IaaS/cloud infrastructure (AWS, GCP, Azure, or private cloud) – experience with GPU/HPC environments is a plus
  • Deep understanding of vulnerability sources limitations and corner cases for different vulnerability classes
  • Able to write and review code (ability or willingness to develop in Golang) – well enough to assess exploitability, validate fixes, and build lightweight automation (e.g., variant-detection scripts, triage tooling, data pipelines for trend analysis)
  • Strong grasp of common vulnerability classes at the code and infrastructure level.
  • Comfortable feeding well-documented vulnerability patterns into AI-assisted code review workflows and critically evaluating the output
  • Track record of working cross-functionally with engineering teams and holding stakeholders accountable to timelines without being a bottleneck
  • Strong written and verbal communication – able to translate technical risk into business impact for non-security audiences

Nice to Have

  • Experience building vulnerability management program from scratch
  • Familiarity with container and Kubernetes security
  • Experience with supply chain security (SBOMs, dependency scanning)
  • Bug bounty triage experience
  • Public talks or research articles

Why this role at Nebius

  • Build a Platform Security Vulnerability program from scratch and get to build and lead your own team while doing it
  • The potential to evolve an in-house AI-powered vulnerability management platform into a cloud security offering for Nebius customers
  • Work alongside world-class engineers on infrastructure that powers frontier AI.
  • Competitive compensation with equity upside in a Nasdaq-listed, high-growth company.
  • Flexible, remote-first culture

#LI-CP1

Benefits & Perks:

  • Competitive compensation
  • Career growth and learning opportunities
  • Flexibility and ownership
  • Collaborative and innovative culture
  • Opportunity to work on impactful AI projects
  • International environment and talented teams

What’s it like to work at Nebius:

Fast moving – Bold thinking – Constant growth – Meaningful impact – Trust and real ownership – Opportunity to shape the future of AI 

Equal Opportunity Statement:

Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.

Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire. 

If you need accommodations during the application process, please let us know.

Apply now >

This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.

How to apply

Did you apply? Let us know, and we’ll help you track your application.

See a few more

Similar Cybersecurity remote jobs

Jobs Talent Salaries
Menu