
Offensive Security Lead
NebiusAbout Nebius:
Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.
Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.
Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.
Offensive security
The internal offensive security team is responsible for the penetration testing program, red team engagements, and offensive research aimed at uncovering sophisticated attack scenarios targeting high-value assets across the Nebius Cloud stack.
The Role
We're hiring an Offensive Security Lead to build and run Nebius' red team capability. You'll design and execute adversarial simulation across our cloud platform - attacking the same infrastructure our customers depend on - and translate findings into measurable security improvements.
This is a hands-on leadership role within Product Security Team. You will build an internal red team, establish a penetration testing program, and conduct research to uncover sophisticated attack scenarios targeting high-value assets across the Nebius tech stack.
What you’ll do
- Build and lead a red team function within Product Security Team, hiring and developing offensive security engineers.
- Validate and extend early-stage Secure SDLC threat models via continuous penetration testing, assessing threat severity and mitigation status while challenging assumptions made during threat modeling and system development. Automate routine validations to keep pace with increasing feature flow, reserving manual analysis for genuinely complex cases.
- Plan and execute full-scoped red team engagements against Nebius cloud platform - including compute, storage, inference, networking, orchestration layers, and internal tooling. Identify threats, which are able to impact an organization's operations. Work closely with Detection & Response and other security engineering teams to run purple team exercises, validate detection coverage, and close gaps collaboratively.
- Research novel attacks against GPU infrastructure (e.g., closed-source firmware and vendor driver binaries, device passthrough exploits, SR-IOV/IOMMU misconfigurations, RDMA/InfiniBand fabric attacks, etc.), the inference stack (e.g., vLLM, TRT-LLM), and AI platform managed
Opens the company's application page
Listed via
Jobicy
jobicy.com
Similar roles
Design & Tech
Related reads from TCHNX

The Quiet Revolution in Local-First Software
As major platforms face outages and data breaches, a new generation of developers is building applications that prioritise local data storage and peer-to-peer sync, challenging the cloud-first orthodoxy that's dominated tech for two decades.

The Quiet Revolution in Edge AI: Why Your Next Computer Might Not Need the Cloud
As neural processing units become standard in consumer devices, we're witnessing a fundamental shift in how AI applications work. Local processing is no longer a fallback; it's becoming the preferred architecture.

The Rise of AI-Assisted Code Generation 2: Are Developers Becoming Prompt Engineers?
As AI coding assistants reshape software development, the industry grapples with a fundamental question: is writing code giving way to writing prompts? We examine how London's tech scene is adapting to this seismic shift.

