About Nebius:
Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.
Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.
Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.
The Role
We are seeking an experienced Data Protection Lead to join the Cyber Security organization, reporting to the Head of Security Engineering under the CISO.
This role combines hands-on DLP engineering with Data Security Posture Management (DSPM) to deliver end-to-end data protection across corporate, cloud, and SaaS environments. You will not only define strategy and standards - you will build, configure, tune, and operate the technical controls that enforce them.
You will own the data protection lifecycle from discovery and classification through policy enforcement and incident response. The role requires deep technical proficiency in DLP platforms and DSPM tooling, combined with the ability to collaborate with Security, IT, Engineering, Product, and GRC teams to reduce data exposure risks and embed strong data governance practices.
Your responsibilities will include:
Lead and own the organization’s data protection domain, including strategy, standards, and hands-on technical implementation
Engineer, deploy, and continuously tune DLP policies across endpoints, email, SaaS, network proxies, and cloud platforms - covering both inline and API-based enforcement modes
Design and implement DSPM solutions to gain continuous visibility into sensitive data posture, data flows, misconfigurations, and exposure risks across cloud and multi-cloud environments
Drive data discovery initiatives to identify and inventory sensitive data across databases, SaaS applications, endpoints, and cloud storage
Define and implement data classification frameworks, labeling standards, and data handling policies integrated with DLP and DSPM controls
Build and maintain DLP detection rules, regular expressions, fingerprinting, and machine learning-based classifiers to minimize false positives and maximize coverage
Integrate DSPM findings into DLP enforcement workflows to create a closed-loop data protection architecture
Define and enforce data access governance, including least-privilege principles and monitoring of sensitive data access patterns
Monitor, triage, and investigate DLP alerts and DSPM-identified risks, collaborating with SOC and Security teams on escalation and remediation
Conduct risk assessments and identify gaps in data protection controls across systems, pipelines, and business processes
Support compliance and regulatory requirements (e.g., GDPR, ISO 27001, SOC 2) related to data security and privacy
Collaborate with Engineering, IT, Product, and GRC teams to embed data security controls into CI/CD pipelines, systems, and workflows
Maintain documentation, runbooks, and guidelines for DLP operations, DSPM posture management, and data security practices
We expect you to have:
6+ years of experience in cyber security, with a strong focus on data security, data protection, or information security
Proven hands-on engineering experience with enterprise DLP platforms - including policy authoring, rule tuning, incident workflow configuration, and platform administration (e.g., Microsoft Purview DLP, Symantec DLP, Forcepoint, or equivalent)
Hands-on experience deploying and operating DSPM tools (e.g., Cyera, Varonis, Rubrik Security Cloud, Normalyze, Securiti, or equivalent) to manage cloud data exposure and classification at scale
Deep understanding of DLP enforcement mechanisms: endpoint DLP, network DLP, email DLP, and cloud/API-based DLP controls
Strong experience with data discovery and classification across cloud environments (AWS, Azure, GCP), SaaS platforms, and on-premises systems
Ability to write and optimize detection logic - regular expressions, data fingerprinting, document fingerprinting, and EDM (Exact Data Matching)
Experience integrating DLP and DSPM tools with SIEM, SOAR, and ticketing systems for alert routing and automated response
Experience securing data across cloud environments and SaaS platforms, including shadow IT and unmanaged data stores
Strong understanding of identity and access management and data access governance principles
Experience working cross-functionally with Security, IT, Engineering, Product, and GRC teams
Strong analytical mindset with the ability to communicate data security risks clearly to technical and non-technical stakeholders
Excellent written and verbal communication skills in English
Proactive, detail-oriented, and ownership-driven
It will be an added bonus if you have:
Experience building or scaling a DLP or data protection program from the ground up in a growing organization
Familiarity with CASB and SSE platforms (e.g., Netskope, Zscaler) and their data protection capabilities
Experience with cloud-native data security services (AWS Macie, Azure Purview, Google DLP API)
Knowledge of privacy and regulatory frameworks (GDPR, ISO 27001, SOC 2, CCPA)
Scripting or automation skills (Python, PowerShell) for DLP policy management or DSPM integration workflows
Relevant certifications such as CISSP, CISM, CDLP, or vendor-specific DLP/DSPM certifications
BSc in Computer Science, Information Security, or a related field
Benefits & Perks:
Competitive compensation
Career growth and learning opportunities
Flexibility and ownership
Collaborative and innovative culture
Opportunity to work on impactful AI projects
International environment and talented teams
What's it like to work at Nebius:
Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI
Equal Opportunity Statement:
Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.
Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.
If you need accommodations during the application process, please let us know.