Build and lead a red team function within Product Security Team, hiring and developing offensive security engineers.
Validate and extend early-stage Secure SDLC threat models via continuous penetration testing, assessing threat severity and mitigation status while challenging assumptions made during threat modeling and system development. Automate routine validations to keep pace with increasing feature flow, reserving manual analysis for genuinely complex cases.
Plan and execute full-scoped red team engagements against Nebius cloud platform
including compute, storage, inference, networking, orchestration layers, and internal tooling. Identify threats, which are able to impact an organization's operations. Work closely with Detection & Response and other security engineering teams to run purple team exercises, validate detection coverage, and close gaps collaboratively.
Research novel attacks against GPU infrastructure (e.g., closed-source firmware and vendor driver binaries, device passthrough exploits, SR-IOV/IOMMU misconfigurations, RDMA/InfiniBand fabric attacks, etc.), the inference stack (e.g., vLLM, TRT-LLM), and AI platform managed services (e.g., managed Slurm). Assess tenant-isolation boundaries and how they can be broken at the low-level stack.
Conduct targeted assessments of new products and infrastructure changes before they ship.
Deliver clear, actionable reports for both technical audiences and leadership
with prioritized findings and remediation guidance.
Establish red team processes, tooling, and a methodology that scales as the platform grows.
Requirements
6+ years in offensive security
penetration testing, red teaming, or adversary simulation
with at least 1-2 years leading or mentoring a team.
Deep experience attacking cloud-native environments: Kubernetes privilege escalation, cloud IAM abuse, virtualization and container escapes.
Strong fundamentals across the attack lifecycle: initial access, persistence, lateral movement, data exfiltration.
Proficiency developing custom tooling and post-exploitation capabilities (Python, Go, or similar).
Experience running purple team exercises and working constructively with blue teams.
Ability to write clear, senior-level reports with business-contextualized risk (not just raw findings) that engineers can easily use.
Tech Stack
Cloud
Kubernetes
Python
SDLC
Go
Benefits
Competitive compensation
Career growth and learning opportunities
Flexibility and ownership
Collaborative and innovative culture
Opportunity to work on impactful AI projects
International environment and talented teams
Offensive Security Lead at Nebius Group | JobVerse