Offensive Security Lead

6 hours, 10 minutes ago
Full-time
Lead
DevOps and Infrastructure
Nebius

Nebius

Nebius enables B2B companies to build local hyperscaling cloud platforms with cost-effective GPUs, InfiniBand network, and 50% less compute cost. They offer managed Kubernetes and a launch-ready business model for innovative cloud solutions.

Internet Software & Services
51-250

Description

  • Build and lead a red team function within the Product Security Team, including hiring and developing offensive security engineers.
  • Validate and extend Secure SDLC threat models through continuous penetration testing and automated checks.
  • Plan and execute full-scoped red team engagements across compute, storage, inference, networking, orchestration layers, and internal tooling.
  • Research novel attacks against GPU infrastructure, the inference stack, and AI platform managed services.
  • Assess tenant-isolation boundaries and identify low-level paths to break them.
  • Conduct targeted assessments of new products and infrastructure changes before release.
  • Work with Detection & Response and other security engineering teams to run purple team exercises and close detection gaps.
  • Deliver clear, actionable reports for technical audiences and leadership with prioritized findings and remediation guidance.
  • Establish red team processes, tooling, and a scalable methodology as the platform grows.

Requirements

  • 6+ years of experience in offensive security, including penetration testing, red teaming, or adversary simulation.
  • At least 1-2 years of experience leading or mentoring a team.
  • Deep experience attacking cloud-native environments, including Kubernetes privilege escalation, cloud IAM abuse, virtualization, and container escapes.
  • Strong fundamentals across the attack lifecycle, including initial access, persistence, lateral movement, and data exfiltration.
  • Proficiency developing custom tooling and post-exploitation capabilities in Python, Go, or similar languages.
  • Experience running purple team exercises and collaborating constructively with blue teams.
  • Ability to write clear senior-level reports with business-contextualized risk that engineers can easily use.
  • Experience attacking ML infrastructure, model serving pipelines, or GPU clusters is preferred.
  • Reverse engineering and exploit development experience is preferred.
  • Application security experience is preferred.
  • Familiarity with eBPF bypass techniques or kernel-level exploitation is preferred.
  • Background in vulnerability research or CVE discovery is preferred.
  • Experience with cloud provider internals, such as hypervisor or networking layers, is preferred.
  • Experience presenting security research at conferences like BlackHat or DefCon is preferred.
  • Applicants must be authorized to work in the country in which they apply and provide proof of employment eligibility as a condition of hire.

Benefits

  • Competitive compensation with equity upside in a Nasdaq-listed, high-growth company.
  • Flexible, remote-first culture.
  • Career growth and learning opportunities.
  • Flexibility and ownership in day-to-day work.
  • Collaborative and innovative culture.
  • Opportunity to work on impactful AI projects.
  • International environment with talented teams.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Risk Assurance Senior

BPM 1K-5K Diversified Financial Services

BPM is hiring a Risk Assurance Senior to execute and coordinate IT audit and compliance engagements across SOX and SOC work while supporting clients, managers, and junior team members.

AWS Azure Cybersecurity GCP
6 hours, 40 minutes ago

Senior Security Controls Assessor - Contingent

ARETUM Construction & Engineering

Aretum is seeking a Senior Security Controls Assessor to support a federal government contract by conducting comprehensive security assessments of information systems and ensuring compliance with required security controls and regulations.

1 day, 6 hours ago

Manager, Compliance Advisory

Coalfire 251-1K Internet Software & Services

Coalfire is hiring a Manager, Public Sector Advisory to lead client-facing cybersecurity compliance engagements for public sector customers while managing a small consulting team and overseeing delivery quality.

AWS Azure Cybersecurity GCP Network Security
2 days, 6 hours ago

Senior Technical Consultant — Physical & Logical Access Control (ServiceNow Platform)

SwiftConnect 51-200 Software Development

An experienced technical consultant is needed to advise product and engineering teams building an enterprise workplace security capability on the ServiceNow platform, unifying physical access control with identity, HR, and IT workflows.

REST API SOAP
2 days, 6 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers