Incident Response Lead

Location: Amsterdam, Netherlands

Department: Corporate and Cyber Security

Key Responsibilities

• Lead and coordinate of security incidents across Nebius’ cloud, infrastructure, and corporate environments.
• Act as Incident Commander during major incidents, driving containment, eradication, and recovery efforts.
• Support and maintain clear incident classification, escalation, and decision-making frameworks.
• Ensure 24/7 readiness through on-call structures, runbooks, and playbooks.

• Oversee advanced incident triage and forensic investigations across:
• Cloud platforms
• Network and perimeter security
• Identity and access systems
• Supply chain and third-party risks
• Partner with SOC, Threat Intelligence, and Threat Hunting teams to improve detection fidelity and reduce MTTR.
• Ensure evidence handling meets legal, regulatory, and forensic standards.
• Lead regulatory-ready incident documentation, timelines, and root cause analysis (RCA).
• Support audits, regulatory inquiries, and executive reporting related to security incidents.

• Serve as the primary incident response interface to:
• CISO and executive leadership
• Legal, Privacy, Compliance, and Communications teams
• Infrastructure, Network, IT, Platform, and Engineering leadership
• Deliver clear, factual, and risk-based incident briefings to senior leadership.
• Support customer and partner communications when security incidents impact trust or service availability.

• Support Nebius’ incident response program, including:
• Playbooks and runbooks
• Tabletop exercises and simulations
• Red/blue/purple team coordination
• Drive lessons-learned processes and ensure findings result in measurable control improvements.
• Define and track incident response KPIs (MTTD, MTTR, containment effectiveness).

• 8+ years in cybersecurity, with significant hands-on incident response leadership experience.
• Proven experience leading large-scale, high-impact security incidents in cloud or infrastructure-heavy environments.
• Experience operating in regulated or compliance-driven environments (SOC, ISO, financial services, cloud providers, etc.).

• Strong understanding of:
• Cloud security architectures
• Network security, IAM, endpoint security, and logging pipelines
• Threat actor tactics, techniques, and procedures (MITRE ATT&CK)
• Practical experience with SIEM, SOAR, EDR, NDR, and forensic tooling.
• Ability to validate technical findings independently and challenge assumptions.

• Demonstrated ability to lead under pressure and make high-quality decisions with incomplete data.
• Clear, concise communicator capable of briefing executives and non-technical stakeholders.
• Strong cross-functional leadership skills without relying on direct authority.