# Offensive Security Lead

Remote from[Europe](https://jobicy.com/job-region/europe.md)Annual salary Undisclosed Salary information is not provided for this position.
Check our [Salary Directory](https://jobicy.com/salaries.md) to estimate the average compensation for similar roles.Department  [Cybersecurity](https://jobicy.com/categories/cybersecurity.md) Employment type Full Time, Job posted16 Jul 2026Apply before16 Aug 2026Experience level  Senior
Views / Applies 27 / 0 [About company](https://jobicy.com/company/nebius.md)

* Share About [Nebius](https://jobicy.com/company/nebius.md)

Nebius is the AI cloud company, delivering a unified platform that spans the complete AI journey from data and model training and tuning to production runtime and deployment.

[Computer Software](https://jobicy.com/company-category/software.md)
*  2023

Actively Hiring  Verified job posting This job post has been [manually reviewed](https://jobicy.com/tools/help-center/employee/how-does-jobicy-verify-the-legitimacy-of-remote-job-listings.md) for authenticity and compliance.

###  AI Summary

Nebius is seeking an Offensive Security Lead to build and run its internal red team within the Product Security Team. This hands-on leadership role involves designing and executing adversarial simulations across the cloud platform, including GPU infrastructure, inference stacks, and managed services. The candidate will establish a penetration testing program, conduct research on novel attack scenarios, and work closely with Detection & Response teams. Responsibilities include hiring offensive security engineers, automating validations, and delivering actionable reports to both technical and leadership audiences. Ideal for those with deep cloud-native security expertise and a passion for leading offensive security efforts.

### Role DNA

Job Complexity Easy Hard Pace & Pressure Relaxed Fast-paced Autonomy Level Guided Full Ownership Communication Load Independent Highly Collaborative

AI Insight This role requires advanced offensive security skills, leadership experience, and the ability to handle complex cloud-native environments, making it one of the hardest positions in cybersecurity.

### Salary Analysis

Median  Market Rate  $200,000US Market $150k – 280k 0 $308k      AI Insight The salary for this role is not specified, but for a senior Offensive Security Lead in the US market, the typical range is $150,000-$280,000 per year. The median of $200,000 is competitive for a hands-on leadership position in a high-growth cloud infrastructure company.

### Core Skills Required

[Red Teaming](https://jobicy.com/jobs?search_keywords=Red+Teaming.md) [Penetration Testing](https://jobicy.com/jobs?search_keywords=Penetration+Testing.md) [Cloud Security](https://jobicy.com/jobs?search_keywords=Cloud+Security.md) [Kubernetes Security](https://jobicy.com/jobs?search_keywords=Kubernetes+Security.md) [Adversary Simulation](https://jobicy.com/jobs?search_keywords=Adversary+Simulation.md) [Purple Team](https://jobicy.com/jobs?search_keywords=Purple+Team.md) [CI/CD Security](https://jobicy.com/jobs?search_keywords=CICD+Security.md) [GPU Infrastructure](https://jobicy.com/jobs?search_keywords=GPU+Infrastructure.md) [Exploit Development](https://jobicy.com/jobs?search_keywords=Exploit+Development.md) [Security Leadership](https://jobicy.com/jobs?search_keywords=Security+Leadership.md)

### Cover Letter Sample

Dear Hiring Manager,

I am thrilled to apply for the Offensive Security Lead position at Nebius. With over 6 years of offensive security experience, including leading red teams and conducting adversarial simulations in cloud-native environments, I am confident in my ability to build and run your red team function. My expertise in Kubernetes privilege escalation, IAM abuse, and custom tooling aligns perfectly with the challenges of securing your AI cloud platform.

I have a proven track record of collaborating with detection and response teams to close security gaps and delivering clear, actionable reports for both technical and executive audiences. I am eager to bring my leadership and technical skills to Nebius to help protect the infrastructure that powers the global AI economy. Thank you for considering my application.

Copy

### Sample Interview Questions

Describe a time you led a red team engagement that uncovered a critical vulnerability in a cloud platform. How did you manage the remediation process?In a previous role, I led a red team engagement against a multi-tenant Kubernetes environment. We discovered a misconfigured RBAC policy that allowed privilege escalation across namespaces. I worked with the platform team to prioritize the fix, provided a detailed report with mitigation steps, and validated the patch with a follow-up test. The engagement improved their security posture significantly.How would you approach building a red team from scratch at Nebius? What are your first steps?I would start by understanding the existing security posture, including the CI/CD pipeline, cloud architecture, and incident response capabilities. Then, I would define the scope for initial engagements, hire experienced offensive security engineers, and develop a methodology that balances automation with manual testing. I would also establish relationships with the detection team to plan purple exercises.What is your experience with attacking GPU infrastructure or ML serving systems?I have conducted research on GPU isolation mechanisms, including IOMMU and SR-IOV misconfigurations, and have exploited vulnerabilities in model serving frameworks like vLLM. In one project, I demonstrated a side-channel attack that leaked data across GPU partitions. I stay updated on the latest ML infrastructure attacks and adapt my testing accordingly.How do you ensure your red team findings are actionable for both engineers and leadership?I tailor the report format for different audiences: for engineers, I focus on technical details, reproduction steps, and specific fixes; for leadership, I present business risk, remediation priorities, and timelines. I use a risk scoring system that aligns with the organization's tolerance and always include a clear action plan.Explain how you would conduct a purple team exercise with the Detection & Response team. What metrics do you use to measure success?I would first define a realistic threat scenario based on our threat model. During the exercise, we simulate the attack while the blue team monitors and responds. Success metrics include detection time, response effectiveness, and the number of gaps identified. After the exercise, we debrief and improve both detection signatures and defensive measures.  About Nebius:

Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.

Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.

Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.

### Offensive security

The internal offensive security team is responsible for the penetration testing program, red team engagements, and offensive research aimed at uncovering sophisticated attack scenarios targeting high-value assets across the Nebius Cloud stack.

### The Role

We’re hiring an Offensive Security Lead to build and run Nebius’ red team capability. You’ll design and execute adversarial simulation across our cloud platform – attacking the same infrastructure our customers depend on – and translate findings into measurable security improvements.

This is a hands-on leadership role within Product Security Team. You will build an internal red team, establish a penetration testing program, and conduct research to uncover sophisticated attack scenarios targeting high-value assets across the Nebius tech stack.

### What you’ll do

* Build and lead a red team function within Product Security Team, hiring and developing offensive security engineers.
* Validate and extend early-stage Secure SDLC threat models via continuous penetration testing, assessing threat severity and mitigation status while challenging assumptions made during threat modeling and system development. Automate routine validations to keep pace with increasing feature flow, reserving manual analysis for genuinely complex cases.
* Plan and execute full-scoped red team engagements against Nebius cloud platform – including compute, storage, inference, networking, orchestration layers, and internal tooling. Identify threats, which are able to impact an organization’s operations. Work closely with Detection & Response and other security engineering teams to run purple team exercises, validate detection coverage, and close gaps collaboratively.
* Research novel attacks against GPU infrastructure (e.g., closed-source firmware and vendor driver binaries, device passthrough exploits, SR-IOV/IOMMU misconfigurations, RDMA/InfiniBand fabric attacks, etc.), the inference stack (e.g., vLLM, TRT-LLM), and AI platform managed services (e.g., managed Slurm). Assess tenant-isolation boundaries and how they can be broken at the low-level stack
* Conduct targeted assessments of new products and infrastructure changes before they ship.
* Deliver clear, actionable reports for both technical audiences and leadership – with prioritized findings and remediation guidance.
* Establish red team processes, tooling, and a methodology that scales as the platform grows.

### What we’re looking for

* 6+ years in offensive security – penetration testing, red teaming, or adversary simulation – with at least 1-2 years leading or mentoring a team.
* Deep experience attacking cloud-native environments: Kubernetes privilege escalation, cloud IAM abuse, virtualization and container escapes.
* Strong fundamentals across the attack lifecycle: initial access, persistence, lateral movement, data exfiltration.
* Proficiency developing custom tooling and post-exploitation capabilities (Python, Go, or similar).
* Experience running purple team exercises and working constructively with blue teams.
* Ability to write clear, senior-level reports with business-contextualized risk (not just raw findings) that engineers can easily use.

### Nice to have

* Experience attacking ML infrastructure, model serving pipelines, or GPU clusters.
* Reverse engineering and exploits development experience
* Application security experience
* Familiarity with eBPF bypass techniques or kernel-level exploitation.
* Background in vulnerability research or CVE discovery.
* Experience with cloud provider internals (hypervisor/networking layers).
* Presenting your security research at conferences like BlackHat/DefCon, etc.

### Why this role at Nebius

* Build a red team from scratch at a company operating frontier AI infrastructure.
* Attack surface that’s genuinely novel – GPU clusters, AI platforms, multi-tenant cloud at scale.
* Work alongside world-class engineers on infrastructure that powers frontier AI.
* Competitive compensation with equity upside in a Nasdaq-listed, high-growth company.
* Flexible, remote-first culture

#LI-CP1

Benefits & Perks:

* Competitive compensation
* Career growth and learning opportunities
* Flexibility and ownership
* Collaborative and innovative culture
* Opportunity to work on impactful AI projects
* International environment and talented teams

What’s it like to work at Nebius:

Fast moving – Bold thinking – Constant growth – Meaningful impact – Trust and real ownership – Opportunity to shape the future of AI

Equal Opportunity Statement:

Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.

Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.

If you need accommodations during the application process, please let us know.

Show more

[Apply now >](https://jobicy.com/jobs/149365-offensive-security-lead.md)

>  Annual salary information is not provided for this position. Explore salary ranges for similar roles in our [Salary Directory ›](https://jobicy.com/salaries.md)

*

![Upload CV](data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NSIgaGVpZ2h0PSI2NSIgZmlsbD0ibm9uZSIgeG1sbnM6dj0iaHR0cHM6Ly92ZWN0YS5pby9uYW5vIj48ZyBjbGlwLXBhdGg9InVybCgjQSkiPjxwYXRoIGQ9Ik0wIDBINjVWNjVIMFYwWiIgZmlsbD0iIzAyOWFlYiIvPjxnIGZpbGw9IiNmZmYiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLXdpZHRoPSIyIj48cGF0aCBkPSJNMzMuMDQ5IDE1LjQ1NGExLjQzIDEuNDMgMCAwIDAtMi4wOTcgMGwtNy41NzkgOC4xNDdhMS4zOCAxLjM4IDAgMCAwIC4wOSAxLjk3MyAxLjQ0IDEuNDQgMCAwIDAgMi4wMDgtLjA4OGw1LjEwOS01LjQ5MnYyMC42MWExLjQxIDEuNDEgMCAwIDAgMS40MjEgMS4zOTdjLjc4NSAwIDEuNDIxLS42MjUgMS40MjEtMS4zOTd2LTIwLjYxbDUuMTA5IDUuNDkyYTEuNDQgMS40NCAwIDAgMCAyLjAwOC4wODggMS4zOCAxLjM4IDAgMCAwIC4wOS0xLjk3M2wtNy41NzktOC4xNDZ6TTE2Ljc2OSAzOC40YzAtLjc3My0uNjItMS40LTEuMzg1LTEuNFMxNCAzNy42MjcgMTQgMzguNHYuMTAybC4yMTUgNi4yMjljLjIyMyAxLjY4LjcwMSAzLjA5NSAxLjgxMyA0LjIxOHMyLjUxIDEuNjA3IDQuMTcyIDEuODMzYzEuNi4yMTggMy42MzYuMjE4IDYuMTYuMjE4aDExLjI4bDYuMTYtLjIxOGMxLjY2Mi0uMjI2IDMuMDYxLS43MDkgNC4xNzItMS44MzNzMS41ODktMi41MzggMS44MTMtNC4yMThDNTAgNDMuMTEzIDUwIDQxLjA1NSA1MCAzOC41MDNWMzguNGMwLS43NzMtLjYyLTEuNC0xLjM4NS0xLjRzLTEuMzg1LjYyNy0xLjM4NSAxLjRsLS4xOSA1Ljk1OGMtLjE4MiAxLjM3LS41MTUgMi4wOTUtMS4wMjYgMi42MTJzLTEuMjI4Ljg1My0yLjU4MyAxLjAzOGMtMS4zOTUuMTktMy4yNDMuMTkzLTUuODkzLjE5M0gyNi40NjJjLTIuNjUgMC00LjQ5OC0uMDAzLTUuODkzLS4xOTMtMS4zNTUtLjE4NC0yLjA3Mi0uNTIxLTIuNTgzLTEuMDM4cy0uODQ0LTEuMjQyLTEuMDI2LTIuNjEyYy0uMTg3LTEuNDEtLjE5MS0zLjI3OS0uMTkxLTUuOTU4eiIvPjwvZz48L2c+PGRlZnM+PGNsaXBQYXRoIGlkPSJBIj48cGF0aCBmaWxsPSIjZmZmIiBkPSJNMCAwaDY1djY1SDB6Ii8+PC9jbGlwUGF0aD48L2RlZnM+PC9zdmc+)

### Upload your resume now

To unlock remote work opportunities and be discovered by global employers.

This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.

## How to apply

## See a few more

Similar Cybersecurity remote jobs

*
![Nebius logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2026/06/d90c0566-221.webp)

Nebius

### [Vulnerability Operation Center Lead](https://jobicy.com/jobs/149362-vulnerability-operation-center-lead.md)

About Nebius: Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from…

![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg)
EU•Full TimeNEW*
![Fivetran logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/3b8e4532-221-1.jpg)

Fivetran

### [Lead Sales Engineering Specialist – Security](https://jobicy.com/jobs/146498-lead-sales-engineering-specialist-security.md)

From Fivetran’s founding until now, our mission has remained the same: to make access to data as simple and reliable as electricity. With Fivetran, customer data arrives in their warehouses,…

![EMEA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/emea.svg)

![Ireland flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/ie.svg)
EMEA, IE•Full TimeNEW*
![Nymbus logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/b7cd9ff9-221.png)

Nymbus

### [Card Fraud Specialist](https://jobicy.com/jobs/145915-card-fraud-specialist.md)

Nymbus (https://nymbus.com/) isn’t just a leader in fintech; we’re a community of innovators passionate about reimagining banking. Our award-winning modern core platform and cloud-based technology serve as the backbone for…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 50k-55k/year*
![Truelogic logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/e7ae6cb6-221-1.png)

Truelogic

### [Senior SecOps Automation Engineer – Consumer FinTech](https://jobicy.com/jobs/146284-senior-secops-automation-engineer-consumer-fintech.md)

About TruelogicAt Truelogic we are a leading provider of nearshore staff augmentation services headquartered in New York. For over two decades, we’ve been delivering top-tier technology solutions to companies of…

![LATAM flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/latam.svg)
LATAM•Full TimeJul 14*
![GitLab logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2020/12/WRILS-201207055737-109952.jpg)

GitLab

### [Senior Security Engineer, Security Incident Response Team (SIRT) – EMEA](https://jobicy.com/jobs/149309-senior-security-engineer-security-incident-response-team-sirt-emea.md)

GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50…

![EMEA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/emea.svg)
EMEA•Full TimeJul 14*
![DoorDash logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/82fc4967-221-1.jpeg)

DoorDash

### [Enterprise Security Engineer](https://jobicy.com/jobs/145862-enterprise-security-engineer.md)

About the TeamEnterprise Security is the primary point of contact for employee-focused security across DoorDash, Wolt, and Deliveroo. We deliver secure-by-default systems, processes, and controls for everyone who works here,…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 130,600-192k/year*
![Fortis Games logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/178ae213-221.png)

Fortis Games

### [Sr Security Operations Engineer, Detection and Response](https://jobicy.com/jobs/145947-sr-security-operations-engineer-detection-and-response.md)

Who we are At Fortis Games we aspire to make great games that bring people together while redefining how game companies work. We believe in building a sense of belonging…

![UK flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/gb.svg)

![Canada flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/ca.svg)
GB, CA•Full TimeJul 12*
![Sporty Group logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/8e6c246a-221.png)

Sporty Group

### [Identity & PAM Security Engineer](https://jobicy.com/jobs/146055-identity-pam-security-engineer.md)

About the roleThis team is responsible for the security, stability, and scalability of the company’s software systems and infrastructure. We monitor system performance, identify and mitigate risks, and ensure our…

![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg)
EU•Full TimeJul 12*
![Pair Team logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/105c0d0c-221.png)

Pair Team

### [Senior Security Engineer](https://jobicy.com/jobs/146199-senior-security-engineer.md)

About Pair TeamPair Team is building a new kind of healthcare system across Medicaid, Medicare, and public assistance programs: one that recognizes that access to housing, nutritious food, and reliable…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 170k-190k/year*
![Sporty Group logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/8e6c246a-221.png)

Sporty Group

### [Offensive Security Engineer](https://jobicy.com/jobs/149060-offensive-security-engineer.md)

About the roleMission Strengthen Sporty’s offensive security posture by proactively testing and identifying vulnerabilities across our external perimeter, standalone virtual private servers (VPS), physical office infrastructure, and endpoint defenses. The…

![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg)
EU•Full TimeJul 9
[More Jobs](https://jobicy.com/jobs.md)