# Vulnerability Operation Center Lead

Remote from[Europe](https://jobicy.com/job-region/europe.md)Annual salary Undisclosed Salary information is not provided for this position.
Check our [Salary Directory](https://jobicy.com/salaries.md) to estimate the average compensation for similar roles.Department  [Cybersecurity](https://jobicy.com/categories/cybersecurity.md) Employment type Full Time, Job posted16 Jul 2026Apply before16 Aug 2026Experience level  Senior
Views / Applies 22 / 2 [About company](https://jobicy.com/company/nebius.md)

* Share About [Nebius](https://jobicy.com/company/nebius.md)

Nebius is the AI cloud company, delivering a unified platform that spans the complete AI journey from data and model training and tuning to production runtime and deployment.

[Computer Software](https://jobicy.com/company-category/software.md)
*  2023

Actively Hiring  Verified job posting This job post has been [manually reviewed](https://jobicy.com/tools/help-center/employee/how-does-jobicy-verify-the-legitimacy-of-remote-job-listings.md) for authenticity and compliance.

###  AI Summary

Nebius is seeking a Vulnerability Operation Center Lead to build and lead a new vulnerability management team from the ground up. The role involves owning the full vulnerability lifecycle, from detection and triage to remediation tracking and reporting across cloud infrastructure, product, and hardware stacks. The ideal candidate will improve automated triaging, define processes, select tooling, and drive remediation accountability. This senior position requires 5–8 years in information security with at least 3 years in vulnerability management or security operations. The role offers high ownership and impact in a fast-paced, collaborative environment.

### Role DNA

Job Complexity Easy Hard Pace & Pressure Relaxed Fast-paced Autonomy Level Guided Full Ownership Communication Load Independent Highly Collaborative

AI Insight This role involves building a new Vulnerability Operations Center from scratch, requiring deep expertise in vulnerability management, cloud infrastructure, and cross-team coordination. The complexity of defining processes, selecting tooling, and handling critical zero-days makes it the hardest level.

### Salary Analysis

Median  Highly Competitive  $160,000US Market $120k – 200k 0 $220k      AI Insight The salary range is not provided, but based on the seniority and responsibilities (5-8 years experience, building a new team), the market median for similar roles is approximately $160,000. The offered salary may vary based on location and experience, but is expected to be competitive within the US market.

### Core Skills Required

[Vulnerability Management](https://jobicy.com/jobs?search_keywords=Vulnerability+Management.md) [Security Operations](https://jobicy.com/jobs?search_keywords=Security+Operations.md) [Cloud Security](https://jobicy.com/jobs?search_keywords=Cloud+Security.md) [Risk Prioritization](https://jobicy.com/jobs?search_keywords=Risk+Prioritization.md) [CVSS/EPSS/SSVC](https://jobicy.com/jobs?search_keywords=CVSSEPSSSSVC.md) [Automation](https://jobicy.com/jobs?search_keywords=Automation.md) [Incident Response](https://jobicy.com/jobs?search_keywords=Incident+Response.md) [SIEM/SOAR](https://jobicy.com/jobs?search_keywords=SIEMSOAR.md) [Cross-functional Collaboration](https://jobicy.com/jobs?search_keywords=Crossfunctional+Collaboration.md)

### Cover Letter Sample

Dear Hiring Manager,

I am excited to apply for the Vulnerability Operation Center Lead position at Nebius. With over 7 years of experience in information security and a strong focus on vulnerability management, I have a proven track record of building and leading teams that drive effective remediation. I am particularly drawn to the opportunity to design and implement a new VOC from the ground up, aligning with Nebius's innovative AI cloud infrastructure.

In my previous role, I led vulnerability triage and remediation for a large cloud environment, reducing mean time to remediate by 40% through process automation and cross-team collaboration. I have deep expertise in risk-based prioritization frameworks like CVSS, EPSS, and SSVC, and I am adept at integrating threat intelligence feeds to improve data quality.

I am confident that my hands-on experience with cloud-native environments and my strategic approach to vulnerability management will enable me to make an immediate impact at Nebius. I look forward to the opportunity to discuss how I can contribute to your team.

Sincerely,
[Your Name]

Copy

### Sample Interview Questions

How would you approach building a vulnerability management program from scratch in a cloud-native environment?I would start by understanding the organization's assets and risk appetite, then define a vulnerability management policy. I'd select tools for scanning and prioritization, establish a triage process, and set up metrics like mean time to remediate. Automation and integration with existing workflows would be key to scalability.Describe a time you had to drive remediation for a critical zero-day vulnerability across multiple engineering teams.In my previous role, a critical zero-day in a widely used library required immediate patching. I coordinated with engineering to identify affected systems, prioritized based on asset criticality, and established a war room. We patched all critical systems within 48 hours and improved our zero-day response playbook.How do you prioritize vulnerabilities when dealing with thousands of findings?I use a risk-based approach combining CVSS, EPSS, SSVC, and asset criticality. I filter out false positives using contextual data and automation. I also consider exploitability and business impact, and I work with stakeholders to adjust priorities based on their feedback.What metrics would you track to measure the effectiveness of a vulnerability management program?Key metrics include mean time to detect (MTTD), mean time to remediate (MTTR),% of vulnerabilities patched within SLA, vulnerability backlog count, and false positive reduction rate. I also track trends in critical vulnerability discovery and remediation velocity.How would you integrate threat intelligence feeds into your vulnerability triage process?I would ingest feeds from sources like CISA, threat intelligence platforms, and crowd-sourced data. I'd correlate them with our asset inventory and prioritize vulnerabilities associated with active exploits. Automation can enrich findings with exploitability context and trigger alerts for high-risk items.  About Nebius:

Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.

Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.

Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.

### Vulnerability Operation Center

The team maintains the full vulnerability management lifecycle – from detection and triage through remediation tracking and reporting – across Nebius’s cloud infrastructure, product, and hardware stack. The team’s focus is on improving vulnerability triaging capabilities and vulnerability data quality, driving effective remediation, and serving as the first line of response for the most critical zero-day vulnerabilities.

### The role

We’re building a Vulnerability Operations Center from the ground up and need a senior practitioner to lead it. You’ll own the full vulnerability management lifecycle – from detection through triage to remediation tracking and reporting – across Nebius’ cloud infrastructure, product and hardware stack. This is a high-impact role with big ownership: you’ll define processes, select tooling, work directly with engineering teams, and set the standard for how Nebius responds to vulnerabilities.

### What You’ll Do

* Improve and maintain automated vulnerability triaging capabilities and vulnerability data quality through data enrichment (internal and external intelligence feeds), quality metrics, AI-assisted triage, context-aware risk scoring, and vulnerability correlation/chaining.
* Hands-on validation and triaging of most critical/zero-days vulnerabilities
* Work closely with vulnerability data consumers and stakeholders across the organization to meet engineering, compliance, and regulatory requirements by delivering high-quality, actionable findings and driving effective remediation.
* Contribute to the development of internal platforms, including the Unified Vulnerability Management (UVM) system and the security orchestration platform, to automate core vulnerability management workflows and reduce manual effort.
* Identify current deficiencies in patch management, drive and oversee improvements across engineering teams and business units to improve remediation efficiency and reduce organizational risk
* Own vulnerability intake from all sources – scanners, bug bounty, threat intel feeds, and penetration tests
* Prioritize findings using risk-based frameworks (CVSS, EPSS, SSVC, asset criticality, exploitability context, business impact) and reduce false positive noise
* Drive remediation accountability across infrastructure, platform, and product engineering teams
* Identify, track and report vulnerability management metrics, present KPIs and trends to security leadership
* Coordinate response to critical/zero-day vulnerabilities, acting as the primary point of contact across security, engineering, and operations
* Define and maintain integration between VOC tooling and the broader security ecosystem.

### What We’re Looking For

* 5–8 years in information security with at least 3 years focused on vulnerability management or security operations
* Deep familiarity with vulnerability scanning tools and their strengths/limitations in cloud-native environments
* Strong grasp of CVE/NVD, CVSS scoring, EPSS, SSVC and how to apply them to real-world prioritization
* Experience managing vulnerabilities across IaaS/cloud infrastructure (AWS, GCP, Azure, or private cloud) – experience with GPU/HPC environments is a plus
* Deep understanding of vulnerability sources limitations and corner cases for different vulnerability classes
* Able to write and review code (ability or willingness to develop in Golang) – well enough to assess exploitability, validate fixes, and build lightweight automation (e.g., variant-detection scripts, triage tooling, data pipelines for trend analysis)
* Strong grasp of common vulnerability classes at the code and infrastructure level.
* Comfortable feeding well-documented vulnerability patterns into AI-assisted code review workflows and critically evaluating the output
* Track record of working cross-functionally with engineering teams and holding stakeholders accountable to timelines without being a bottleneck
* Strong written and verbal communication – able to translate technical risk into business impact for non-security audiences

### Nice to Have

* Experience building vulnerability management program from scratch
* Familiarity with container and Kubernetes security
* Experience with supply chain security (SBOMs, dependency scanning)
* Bug bounty triage experience
* Public talks or research articles

### Why this role at Nebius

* Build a Platform Security Vulnerability program from scratch and get to build and lead your own team while doing it
* The potential to evolve an in-house AI-powered vulnerability management platform into a cloud security offering for Nebius customers
* Work alongside world-class engineers on infrastructure that powers frontier AI.
* Competitive compensation with equity upside in a Nasdaq-listed, high-growth company.
* Flexible, remote-first culture

#LI-CP1

Benefits & Perks:

* Competitive compensation
* Career growth and learning opportunities
* Flexibility and ownership
* Collaborative and innovative culture
* Opportunity to work on impactful AI projects
* International environment and talented teams

What’s it like to work at Nebius:

Fast moving – Bold thinking – Constant growth – Meaningful impact – Trust and real ownership – Opportunity to shape the future of AI

Equal Opportunity Statement:

Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.

Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.

If you need accommodations during the application process, please let us know.

Show more

[Apply now >](https://jobicy.com/jobs/149362-vulnerability-operation-center-lead.md)

>  Annual salary information is not provided for this position. Explore salary ranges for similar roles in our [Salary Directory ›](https://jobicy.com/salaries.md)

*

![Upload CV](data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NSIgaGVpZ2h0PSI2NSIgZmlsbD0ibm9uZSIgeG1sbnM6dj0iaHR0cHM6Ly92ZWN0YS5pby9uYW5vIj48ZyBjbGlwLXBhdGg9InVybCgjQSkiPjxwYXRoIGQ9Ik0wIDBINjVWNjVIMFYwWiIgZmlsbD0iIzAyOWFlYiIvPjxnIGZpbGw9IiNmZmYiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLXdpZHRoPSIyIj48cGF0aCBkPSJNMzMuMDQ5IDE1LjQ1NGExLjQzIDEuNDMgMCAwIDAtMi4wOTcgMGwtNy41NzkgOC4xNDdhMS4zOCAxLjM4IDAgMCAwIC4wOSAxLjk3MyAxLjQ0IDEuNDQgMCAwIDAgMi4wMDgtLjA4OGw1LjEwOS01LjQ5MnYyMC42MWExLjQxIDEuNDEgMCAwIDAgMS40MjEgMS4zOTdjLjc4NSAwIDEuNDIxLS42MjUgMS40MjEtMS4zOTd2LTIwLjYxbDUuMTA5IDUuNDkyYTEuNDQgMS40NCAwIDAgMCAyLjAwOC4wODggMS4zOCAxLjM4IDAgMCAwIC4wOS0xLjk3M2wtNy41NzktOC4xNDZ6TTE2Ljc2OSAzOC40YzAtLjc3My0uNjItMS40LTEuMzg1LTEuNFMxNCAzNy42MjcgMTQgMzguNHYuMTAybC4yMTUgNi4yMjljLjIyMyAxLjY4LjcwMSAzLjA5NSAxLjgxMyA0LjIxOHMyLjUxIDEuNjA3IDQuMTcyIDEuODMzYzEuNi4yMTggMy42MzYuMjE4IDYuMTYuMjE4aDExLjI4bDYuMTYtLjIxOGMxLjY2Mi0uMjI2IDMuMDYxLS43MDkgNC4xNzItMS44MzNzMS41ODktMi41MzggMS44MTMtNC4yMThDNTAgNDMuMTEzIDUwIDQxLjA1NSA1MCAzOC41MDNWMzguNGMwLS43NzMtLjYyLTEuNC0xLjM4NS0xLjRzLTEuMzg1LjYyNy0xLjM4NSAxLjRsLS4xOSA1Ljk1OGMtLjE4MiAxLjM3LS41MTUgMi4wOTUtMS4wMjYgMi42MTJzLTEuMjI4Ljg1My0yLjU4MyAxLjAzOGMtMS4zOTUuMTktMy4yNDMuMTkzLTUuODkzLjE5M0gyNi40NjJjLTIuNjUgMC00LjQ5OC0uMDAzLTUuODkzLS4xOTMtMS4zNTUtLjE4NC0yLjA3Mi0uNTIxLTIuNTgzLTEuMDM4cy0uODQ0LTEuMjQyLTEuMDI2LTIuNjEyYy0uMTg3LTEuNDEtLjE5MS0zLjI3OS0uMTkxLTUuOTU4eiIvPjwvZz48L2c+PGRlZnM+PGNsaXBQYXRoIGlkPSJBIj48cGF0aCBmaWxsPSIjZmZmIiBkPSJNMCAwaDY1djY1SDB6Ii8+PC9jbGlwUGF0aD48L2RlZnM+PC9zdmc+)

### Upload your resume now

To unlock remote work opportunities and be discovered by global employers.

This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.

## How to apply

## See a few more

Similar Cybersecurity remote jobs

*
![Nebius logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2026/06/d90c0566-221.webp)

Nebius

### [Offensive Security Lead](https://jobicy.com/jobs/149365-offensive-security-lead.md)

About Nebius: Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from…

![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg)
EU•Full TimeNEW*
![Fivetran logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/3b8e4532-221-1.jpg)

Fivetran

### [Lead Sales Engineering Specialist – Security](https://jobicy.com/jobs/146498-lead-sales-engineering-specialist-security.md)

From Fivetran’s founding until now, our mission has remained the same: to make access to data as simple and reliable as electricity. With Fivetran, customer data arrives in their warehouses,…

![EMEA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/emea.svg)

![Ireland flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/ie.svg)
EMEA, IE•Full TimeNEW*
![Nymbus logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/b7cd9ff9-221.png)

Nymbus

### [Card Fraud Specialist](https://jobicy.com/jobs/145915-card-fraud-specialist.md)

Nymbus (https://nymbus.com/) isn’t just a leader in fintech; we’re a community of innovators passionate about reimagining banking. Our award-winning modern core platform and cloud-based technology serve as the backbone for…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 50k-55k/year*
![Truelogic logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/e7ae6cb6-221-1.png)

Truelogic

### [Senior SecOps Automation Engineer – Consumer FinTech](https://jobicy.com/jobs/146284-senior-secops-automation-engineer-consumer-fintech.md)

About TruelogicAt Truelogic we are a leading provider of nearshore staff augmentation services headquartered in New York. For over two decades, we’ve been delivering top-tier technology solutions to companies of…

![LATAM flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/latam.svg)
LATAM•Full TimeJul 14*
![GitLab logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2020/12/WRILS-201207055737-109952.jpg)

GitLab

### [Senior Security Engineer, Security Incident Response Team (SIRT) – EMEA](https://jobicy.com/jobs/149309-senior-security-engineer-security-incident-response-team-sirt-emea.md)

GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50…

![EMEA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/emea.svg)
EMEA•Full TimeJul 14*
![DoorDash logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/82fc4967-221-1.jpeg)

DoorDash

### [Enterprise Security Engineer](https://jobicy.com/jobs/145862-enterprise-security-engineer.md)

About the TeamEnterprise Security is the primary point of contact for employee-focused security across DoorDash, Wolt, and Deliveroo. We deliver secure-by-default systems, processes, and controls for everyone who works here,…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 130,600-192k/year*
![Fortis Games logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/178ae213-221.png)

Fortis Games

### [Sr Security Operations Engineer, Detection and Response](https://jobicy.com/jobs/145947-sr-security-operations-engineer-detection-and-response.md)

Who we are At Fortis Games we aspire to make great games that bring people together while redefining how game companies work. We believe in building a sense of belonging…

![UK flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/gb.svg)

![Canada flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/ca.svg)
GB, CA•Full TimeJul 12*
![Sporty Group logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/8e6c246a-221.png)

Sporty Group

### [Identity & PAM Security Engineer](https://jobicy.com/jobs/146055-identity-pam-security-engineer.md)

About the roleThis team is responsible for the security, stability, and scalability of the company’s software systems and infrastructure. We monitor system performance, identify and mitigate risks, and ensure our…

![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg)
EU•Full TimeJul 12*
![Pair Team logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/105c0d0c-221.png)

Pair Team

### [Senior Security Engineer](https://jobicy.com/jobs/146199-senior-security-engineer.md)

About Pair TeamPair Team is building a new kind of healthcare system across Medicaid, Medicare, and public assistance programs: one that recognizes that access to housing, nutritious food, and reliable…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 170k-190k/year*
![Sporty Group logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/8e6c246a-221.png)

Sporty Group

### [Offensive Security Engineer](https://jobicy.com/jobs/149060-offensive-security-engineer.md)

About the roleMission Strengthen Sporty’s offensive security posture by proactively testing and identifying vulnerabilities across our external perimeter, standalone virtual private servers (VPS), physical office infrastructure, and endpoint defenses. The…

![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg)
EU•Full TimeJul 9
[More Jobs](https://jobicy.com/jobs.md)