Vulnerability Operation Center Lead
full-time
lead
Posted 20 hours ago
Apply Now
Stand out: build a proof-of-work pitch →
Free GitHub-based preview. Direct apply stays one click away.
Get weekly job alerts like this →Hiring for this role?
AI Market Demand Pack · $29 one-time
Compare this role's skills with the full AI hiring market. Get ranked demand, salary bands, leading companies, public source URLs, and a decision brief.
About this role
About Nebius:
Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.
Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.
Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.
Vulnerability Operation Center
The team maintains the full vulnerability management lifecycle - from detection and triage through remediation tracking and reporting - across Nebius's cloud infrastructure, product, and hardware stack. The team's focus is on improving vulnerability triaging capabilities and vulnerability data quality, driving effective remediation, and serving as the first line of response for the most critical zero-day vulnerabilities.
The role
We're building a Vulnerability Operations Center from the ground up and need a senior practitioner to lead it. You'll own the full vulnerability management lifecycle - from detection through triage to remediation tracking and reporting - across Nebius' cloud infrastructure, product and hardware stack. This is a high-impact role with big ownership: you'll define processes, select tooling, work directly with engineering teams, and set the standard for how Nebius responds to vulnerabilities.
What You'll Do
Improve and maintain automated vulnerability triaging capabilities and vulnerability data quality through data enrichment (internal and external intelligence feeds), quality metrics, AI-assisted triage, context-aware risk scoring, and vulnerability correlation/chaining.
Hands-on validation and triaging of most critical/zero-days vulnerabilities
Work closely with vulnerability data consumers and stakeholders across the organization to meet engineering, compliance, and regulatory requirements by delivering high-quality, actionable findings and driving effective remediation.
Contribute to the development of internal platforms, including the Unified Vulnerability Management (UVM) system and the security orchestration platform, to automate core vulnerability management workflows and reduce manual effort.
Identify current deficiencies in patch management, drive and oversee improvements across engineering teams and business units to improve remediation efficiency and reduce organizational risk
Own vulnerability intake from all sources - scanners, bug bounty, threat intel feeds, and penetration tests
Prioritize findings using risk-based frameworks (CVSS, EPSS, SSVC, asset criticality, exploitability context, business impact) and reduce false positive noise
Drive remediation accountability across infrastructure, platform, and product engineering teams
Identify, track and report vulnerability management metrics, present KPIs and trends to security leadership
Coordinate response to critical/zero-day vulnerabilities, acting as the primary point of contact across security, engineering, and operations
Define and maintain integration between VOC tooling and the broader security ecosystem.
What We're Looking For
5–8 years in information security with at least 3 years focused on vulnerability management or security operations
Deep familiarity with vulnerability scanning tools and their strengths/limitations in cloud-native environments
Strong grasp of CVE/NVD, CVSS scoring, EPSS, SSVC and how to apply them to real-world prioritization
Experience managing vulnerabilities across IaaS/cloud infrastructure (AWS, GCP, Azure, or private cloud) - experience with GPU/HPC environments is a plus
Deep understanding of vulnerability sources limitations and corner cases for different vulnerability classes
Able to write and review code (ability or willingness to develop in Golang) - well enough to assess exploitability, validate fixes, and build lightweight automation (e.g., variant-detection scripts, triage tooling, data pipelines for trend analysis)
Strong grasp of common vulnerability classes at the code and infrastructure level.
Comfortable feeding well-documented vulnerability patterns into AI-assisted code review workflows and critically evaluating the output
Track record of working cross-functionally with engineering teams and holding stakeholders accountable to timelines without being a bottleneck
Strong written and verbal communication - able to translate technical risk into business impact for non-security audiences
Nice to Have
Experience building vulnerability management program from scratch
Familiarity with container and Kubernetes security
Experience with supply chain security (SBOM
Similar Jobs
Related searches:
Get jobs like this delivered weekly
Free AI jobs newsletter. No spam.