This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description As a Senior Security Engineer (d/f/m), your responsibilities will include: - Architecting our technical security operations while supporting the general growth and maturity of our information security program. - Driving the implementation of a SIEM, including log ingestion, tuning, and general log/evidence integration across a broad range of product and enterprise technologies. - Detecting, investigating, and resolving security events and incidents to continuously minimize impact and recovery time. - Leading the technical IR lifecycle (including our product) as the Incident Commander, conducting forensics and comprehensive post-incident analysis. - Creating and maintaining comprehensive incident response runbooks and automated response processes to continuously mature the IR program. - Assisting with the broader security posture through code reviews, implementing technical controls, and building checks into our CI/CD pipeline. Qualifications - 5+ years of experience as a product-facing SOC Analyst, Incident Responder, or Security Engineer (or equivalent) in a SaaS/E-commerce environment. - Proven ability to act as Incident Commander in the technical IR lifecycle—preferably for a SaaS/E-commerce product with high uptime and resilience requirements—leading forensics and driving SIEM implementation and tuning. - A proven track record of taking end-to-end ownership in a fast-paced environment, building processes from the ground up, and constantly adjusting to technological and organizational change. - Proficiency in any programming language for scripting, security tooling development, and automating GRC evidence collection. - A Bachelor's or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a closely related technical field. Requirements - Proficiency in Terraform for securing infrastructure, combined with hands-on experience in integrating security testing. - Experience with preventing “rent-seeking” attacks like cybersquatting, sneaker bots, scalping, or grinch bots. - Experience in executing Red Team operations and/or penetration testing, with the ability to effectively collaborate with development teams to drive the remediation of software vulnerabilities. Benefits - We scale sustainably on a profitable, VC-backed foundation with true product-market fit. - Collaborate with over 160 dedicated professionals, including leaders from Google, Slack, and Salesforce. - We’re a diverse, merit-driven team spread across six global offices. - Consistently ranked among the fastest-growing scale-ups in Europe. - Work alongside some of tech’s brightest minds — from Forbes 30 Under 30 founders to Executive of the Year award winners.

• Define the vision and roadmap for Nebius’ security products. • Owning the ideation, postmortem, prioritization, backlog, and customer feedback processes. • Guiding new features, systems and services from inception to launch, while keeping customers at the center of everything. • Lead public-facing communications around security updates or changes in compliance status. • In the event of a security incident, coordinate user messaging (email notifications, press releases, FAQs) with support from the Head of Security Products and CISO. • Gather user feedback on user experience and security to guide continuous improvements. • Conduct ongoing research on industry benchmarks, emerging security standards and technologies, and competitor certifications. • Identify gaps and opportunities in organization’s product security posture; propose strategic initiatives that differentiate the company’s security story in the market. • Stay informed about new regulations or frameworks that may influence future product certifications or transparency requirements (e.g., privacy laws, data sovereignty standards). • Collaborate with the CISO office to gather technical evidence or make necessary product enhancements that satisfy certification requirements. • Take ownership of some security-related services of Cloud platform. • Track and maintain a certification roadmap (ISO 27001, SOC 2, HIPPA, etc.), working closely with CISO, GRC & Compliance, Corporate Security departments. Communicate timelines, goals and status updates to leadership and sales representatives. • Coordinate with multiple Product Managers to align security goals with other product roadmaps, ensuring a consistent narrative between product security and external messaging. • Work with Platform Security, GRC & Corporate Security and legal teams to gather essential information for security products enhancements (e.g., penetration test summaries, compliance reports). • Work with Customer-facing teams to address client inquiries about security posture and guide them on using security features optimally.

• Design, implement, and manage robust security controls and policies within AWS, focusing on the confidentiality, integrity, and availability of data and services. • Perform comprehensive security assessments of our cloud environments to identify vulnerabilities, assess risks, and recommend actionable mitigation strategies. • Lead the integration of security practices into the DevOps lifecycle, promoting secure development, deployment, and operational processes. • Utilize and optimize AWS security tools (such as Amazon GuardDuty, Amazon Inspector, AWS IAM, AWS KMS, AWS WAF, and AWS Shield) and explore third-party solutions to bolster our security posture. • Assist in running and address findings from penetration tests and security audits, and ensuring prompt and effective remediation. • Stay informed about the latest security threats, vulnerabilities, and compliance mandates affecting cloud environments, provide strategic guidance on technologies and best practices. • Provide expert mentorship to junior security team members and engineers across the company, to foster an organizational culture of security awareness and continuous improvement. • Collaborate with stakeholders to integrate security requirements effectively into engineering projects and broader business initiatives.

Responsibilities: Security strategy development: Collaborate with clients to develop and implement effective cybersecurity strategies. Define security frameworks, policies, and roadmaps aligned with clients' business objectives, risk appetite, and industry best practices. Security controls implementation: Design and implement advanced security controls and technologies based on industry standards and regulatory requirements. This may involve configuring and integrating various security tools, such as SIEM, DLP, IDS/IPS, and endpoint protection systems. Security architecture design: Provide expertise in designing secure systems, networks, and cloud environments. Develop security architectures that align with industry best practices, regulatory requirements, and clients' specific needs. Assess and recommend security controls for new technology implementations. Project management: Lead and manage complex cybersecurity projects, ensuring projects are delivered on time, within budget, and meet quality standards. Client relationship management: Develop and maintain strong client relationships. Act as a trusted advisor, provide timely and effective communication, and address client concerns or escalations. Research and thought leadership: Stay updated on the latest cybersecurity trends, emerging threats, and technologies. Conduct research and contribute to thought leadership initiatives, such as whitepapers, industry presentations, and internal training sessions.