Director of Cyber Defense Engineering
About the role
We are hiring a Director of Cyber Defense Engineering to own Nscale’s full defensive stack and build a cyber defense program that matches the pace and complexity of AI cloud infrastructure risk.
Reporting directly to the CISO, this role sits at the center of Nscale’s security leadership and works closely with engineering and executive leadership. You will lead across a 24x7 global SOC, incident response, threat intelligence, detection engineering, and red team, bringing together functions that must operate as one during both day-to-day defense and high-severity incidents.
This role is critical to strengthening Nscale’s defensive posture as the threat landscape evolves faster than traditional enterprise security programs were designed to handle. You will shape how the organization detects, responds to, and learns from threats, while ensuring security findings translate into better detections, stronger playbooks, and more resilient controls.
What you'll be doing
24x7 Global SOC
- Lead a follow-the-sun SOC across multiple regions and drive a resilient global operating model.
- Set standards for shift handoffs, triage discipline, escalation thresholds, and analyst development.
- Drive AI-assisted triage and alert enrichment to reduce manual workload and improve analyst efficiency.
- Define SLAs and KPIs that reflect defensive posture and operational effectiveness.
Incident Response Leadership
- Own the incident response program end-to-end, including playbooks, retainers, tabletops, and post-mortems.
- Lead high-severity incident response across engineering, legal, and executive stakeholders.
- Apply AI tooling to accelerate post-incident analysis, including timeline reconstruction, root cause correlation, and pattern identification.
- Ensure incident findings translate into updated detections, playbooks, and controls.
Detection Engineering & Defensive Tooling
- Own detection strategy across endpoints, cloud control planes, Kubernetes and container environments, network, and identity.
- Build and tune SIEM, EDR, NDR, and SOAR capabilities to improve signal quality and response speed.
- Apply ML-based detection techniques to surface anomalies and low-signal threats that rule-based approaches may miss.
- Refine detection design continuously using threat intelligence and red team findings.
Threat Intelligence Program
- Build a threat intelligence program focused on risks relevant to AI cloud infrastructure, including actors, methods, and campaigns targeting platforms like Nscale’s.
- Translate intelligence into actionable detection coverage, red team scenarios, and defensive investment priorities.
- Connect intelligence outputs directly to operational security outcomes rather than standalone briefings.
Red Team & Adversary Simulation
- Lead adversary emulation across infrastructure, identity, and production systems.
- Run purple team exercises tied to measurable improvements in detection coverage.
- Partner with Platform Engineering to remediate findings and strengthen defensive controls.
KPIs
- SOC SLA and KPI performance
- High-severity incident response effectiveness
- Detection coverage across cloud, Kubernetes, network, identity, and endpoints
- Measurable improvement from red team and purple team exercises
About You
- 15+ years in cybersecurity, with at least 5 years leading a multi-function cyber defense team
- Direct leadership experience across SOC operations, incident response, detection engineering, threat intelligence, and red team
- Experience serving as the incident commander or most senior security leader during a significant breach, ransomware event, nation-state intrusion, or critical infrastructure attack
- Strong hands-on experience securing cloud-native, containerized, Kubernetes-orchestrated production environments
- Deep knowledge of risks including control plane exposure, container escape, image supply chain, secrets management, and lateral movement through service meshes
- Technical depth to engage directly on detection logic, attacker tradecraft, and security architecture
- Practical experience applying AI in security operations, including triage, anomaly detection, or investigation workflows
- Clear understanding of both the capabilities and limitations of AI in cyber defense
- Able to lead effectively under pressure and make high-stakes decisions with incomplete information
- PREFERRED: Experience defending AI, GPU, HPC, or cloud-native platforms, operating in regulated environments, or contributing through research, talks, or open-source tooling
What we can offer you
- Hightly competitive US compensation package (base + bonus + equity), with performance reviews every 12 months.
- Join one of the fastest-growing AI infrastructure companies — your chance to directly shape how global AI capacity is planned and deployed.
- Expect a dynamic progression plan tailored to your ambitions. Grow by leading critical cross-functional initiatives and shaping capital strategy — always with our full support.
- Human-First Flexibility: We treat you as humans first.
Equal Opportunities Statement
We strongly encourage applications from people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio-economic backgrounds.
Apply for this job
* indicates a required field