Logo for Nebius

Offensive Security Lead

Role overview

Qualifications

  • 6+ years in offensive security - penetration testing, red teaming, or adversary simulation
  • Deep experience attacking cloud-native environments: Kubernetes privilege escalation, cloud IAM abuse, virtualization and container escapes
  • Proficiency developing custom tooling and post-exploitation capabilities (Python, Go, or similar)
  • Ability to write clear, senior-level reports with business-contextualized risk

Responsibilities

  • Build and lead a red team function within Product Security Team, hiring and developing offensive security engineers
  • Validate and extend early-stage Secure SDLC threat models via continuous penetration testing
  • Plan and execute full-scoped red team engagements against Nebius cloud platform
  • Conduct targeted assessments of new products and infrastructure changes before they ship

About the company

Nebius logo

Nebius

Artificial Intelligence & Machine Learning Services

We have a big ambition: to create a world-class ecosystem of full-fledged cloud and AI-driven solutions for the B2B market. Platform that empowers market leaders to create their own local cloud platforms. ML-centric cloud that provides developers with the environment for AI projects of any scale and complexity.

Company details

Company typeScaleup
IndustryArtificial Intelligence & Machine Learning Services
Company size201 - 500

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

About Nebius:

Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.

Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.

Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.

Offensive security

The internal offensive security team is responsible for the penetration testing program, red team engagements, and offensive research aimed at uncovering sophisticated attack scenarios targeting high-value assets across the Nebius Cloud stack.

The Role

We're hiring an Offensive Security Lead to build and run Nebius' red team capability. You'll design and execute adversarial simulation across our cloud platform - attacking the same infrastructure our customers depend on - and translate findings into measurable security improvements.

This is a hands-on leadership role within Product Security Team. You will build an internal red team, establish a penetration testing program, and conduct research to uncover sophisticated attack scenarios targeting high-value assets across the Nebius tech stack.


What you’ll do

  • Build and lead a red team function within Product Security Team, hiring and developing offensive security engineers.

  • Validate and extend early-stage Secure SDLC threat models via continuous penetration testing, assessing threat severity and mitigation status while challenging assumptions made during threat modeling and system development. Automate routine validations to keep pace with increasing feature flow, reserving manual analysis for genuinely complex cases.

  • Plan and execute full-scoped red team engagements against Nebius cloud platform - including compute, storage, inference, networking, orchestration layers, and internal tooling. Identify threats, which are able to impact an organization's operations. Work closely with Detection & Response and other security engineering teams to run purple team exercises, validate detection coverage, and close gaps collaboratively.

  • Research novel attacks against GPU infrastructure (e.g., closed-source firmware and vendor driver binaries, device passthrough exploits, SR-IOV/IOMMU misconfigurations, RDMA/InfiniBand fabric attacks, etc.), the inference stack (e.g., vLLM, TRT-LLM), and AI platform managed services (e.g., managed Slurm). Assess tenant-isolation boundaries and how they can be broken at the low-level stack

  • Conduct targeted assessments of new products and infrastructure changes before they ship.

  • Deliver clear, actionable reports for both technical audiences and leadership - with prioritized findings and remediation guidance.

  • Establish red team processes, tooling, and a methodology that scales as the platform grows.


What we’re looking for

  • 6+ years in offensive security - penetration testing, red teaming, or adversary simulation - with at least 1-2 years leading or mentoring a team.

  • Deep experience attacking cloud-native environments: Kubernetes privilege escalation, cloud IAM abuse, virtualization and container escapes.

  • Strong fundamentals across the attack lifecycle: initial access, persistence, lateral movement, data exfiltration.

  • Proficiency developing custom tooling and post-exploitation capabilities (Python, Go, or similar).

  • Experience running purple team exercises and working constructively with blue teams.

  • Ability to write clear, senior-level reports with business-contextualized risk (not just raw findings) that engineers can easily use.


Nice to have:

  • Experience attacking ML infrastructure, model serving pipelines, or GPU clusters.

  • Reverse engineering and exploits development experience

  • Application security experience

  • Familiarity with eBPF bypass techniques or kernel-level exploitation.

  • Background in vulnerability research or CVE discovery.

  • Experience with cloud provider internals (hypervisor/networking layers).

  • Presenting your security research at conferences like BlackHat/DefCon, etc.


Why this role at Nebius

  • Build a red team from scratch at a company operating frontier AI infrastructure.

  • Attack surface that's genuinely novel - GPU clusters, AI platforms, multi-tenant cloud at scale.

  • Work alongside world-class engineers on infrastructure that powers frontier AI.

  • Competitive compensation with equity upside in a Nasdaq-listed, high-growth company.

  • Flexible, remote-first culture

 

#LI-CP1

Benefits & Perks:

  • Competitive compensation
  • Career growth and learning opportunities
  • Flexibility and ownership
  • Collaborative and innovative culture
  • Opportunity to work on impactful AI projects
  • International environment and talented teams

What's it like to work at Nebius:

Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI 

Equal Opportunity Statement:

Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.

Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire. 

If you need accommodations during the application process, please let us know.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
Β·

Related jobs

Other jobs at Nebius

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.