Director of Cyber Defense Engineering

Nscale
Seattle, WA
$275,000 - $315,000
Hybrid

About The Position

Nscale is seeking a Director of Cyber Defense Engineering to lead its full defensive security stack and develop a cyber defense program capable of addressing the complexities and pace of AI cloud infrastructure risks. This pivotal role, reporting to the CISO, is central to Nscale's security leadership, collaborating closely with engineering and executive teams. The Director will oversee a 24x7 global Security Operations Center (SOC), incident response, threat intelligence, detection engineering, and red team operations, ensuring these functions operate cohesively. This position is crucial for enhancing Nscale's defenses against an evolving threat landscape and will shape the organization's approach to threat detection, response, and learning, translating security findings into improved detections, robust playbooks, and resilient controls.

Requirements

  • 15+ years in cybersecurity
  • At least 5 years leading a multi-function cyber defense team
  • Direct leadership experience across SOC operations, incident response, detection engineering, threat intelligence, and red team
  • Experience serving as the incident commander or most senior security leader during a significant breach, ransomware event, nation-state intrusion, or critical infrastructure attack
  • Strong hands-on experience securing cloud-native, containerized, Kubernetes-orchestrated production environments
  • Deep knowledge of risks including control plane exposure, container escape, image supply chain, secrets management, and lateral movement through service meshes
  • Technical depth to engage directly on detection logic, attacker tradecraft, and security architecture
  • Practical experience applying AI in security operations, including triage, anomaly detection, or investigation workflows
  • Clear understanding of both the capabilities and limitations of AI in cyber defense
  • Ability to lead effectively under pressure and make high-stakes decisions with incomplete information

Nice To Haves

  • Defending AI, GPU, HPC, or cloud-native platforms
  • Operating in regulated environments
  • Contributing through research, talks, or open-source tooling

Responsibilities

  • Lead a 24x7 global SOC across multiple regions, establishing a resilient operating model with defined standards for shift handoffs, triage discipline, escalation thresholds, and analyst development.
  • Drive AI-assisted triage and alert enrichment to reduce manual workload and improve analyst efficiency.
  • Define SLAs and KPIs to measure defensive posture and operational effectiveness.
  • Own the end-to-end incident response program, including playbooks, retainers, tabletops, and post-mortems.
  • Lead high-severity incident response efforts involving engineering, legal, and executive stakeholders.
  • Utilize AI tooling to expedite post-incident analysis, including timeline reconstruction, root cause correlation, and pattern identification.
  • Ensure incident findings lead to updated detections, playbooks, and controls.
  • Oversee detection strategy across endpoints, cloud control planes, Kubernetes and container environments, network, and identity.
  • Build and tune SIEM, EDR, NDR, and SOAR capabilities to enhance signal quality and response speed.
  • Apply ML-based detection techniques to identify anomalies and low-signal threats.
  • Continuously refine detection design using threat intelligence and red team findings.
  • Build a threat intelligence program focused on risks specific to AI cloud infrastructure, including actors, methods, and campaigns targeting Nscale's platform.
  • Translate intelligence into actionable detection coverage, red team scenarios, and defensive investment priorities.
  • Connect intelligence outputs directly to operational security outcomes.
  • Lead adversary emulation across infrastructure, identity, and production systems.
  • Conduct purple team exercises focused on measurable improvements in detection coverage.
  • Partner with Platform Engineering to remediate findings and strengthen defensive controls.

Benefits

  • Highly competitive US compensation package (base + bonus + equity)
  • Performance reviews every 12 months
  • Dynamic progression plan tailored to ambitions
  • Flexible workplace
  • Medical
  • Dental
  • Vision
  • Flexible paid time off
  • Parental leave
  • Retirement plan participation