Security & GRC Analyst (Agentic Search)

About Nebius:

Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.

Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.

Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.

The product

In a rapidly evolving world, trust in AI depends on AI agents being grounded in fresh, verified real-world data. Search is the foundation that makes this possible.

We are building an agent-native search platform designed specifically for AI systems rather than human users. Our product provides programmatic, low-latency, and observable search APIs that AI agents use to retrieve, filter, and reason over real-world information at scale.

Security is a key part of earning trust with customers, partners, and internal teams. As Tavily grows, we need security to move fast with the business: supporting enterprise customers, reviewing vendors, improving internal controls, and strengthening the technical security posture of our cloud and SaaS environment.

The role

We are looking for a Security & GRC Analyst to join Tavily’s Security team and report to the Information Security Manager.

This is a hands-on hybrid role for someone who can operate across GRC, customer assurance, vendor risk, and technical security operations. You will help us move faster with customers, approve vendors more efficiently, reduce single-person dependency in Security, and improve our security posture through practical technical execution.

This role is a good fit for someone who enjoys both sides of security: answering customer and audit questions clearly, while also getting into tools, logs, access reviews, vulnerabilities, SaaS controls, and security workflows.

What You’ll Do

• Support customer security questionnaires, RFP security sections, trust portal requests, and customer security reviews, helping Security move at the speed of commercial deals.
• Review security-related customer agreement requirements together with Legal and Sales, ensuring responses are accurate, practical, and aligned with Tavily’s actual controls.
• Perform third-party and vendor risk reviews, including SOC 2 / ISO 27001 evidence, DPAs, subprocessors, data flows, and residual risk recommendations.
• Support Tavily’s GRC program, including audit evidence, control tracking, risk register updates, access reviews, policy maintenance, and readiness for frameworks such as SOC 2, ISO 27001, GDPR, and NIST.
• Implement and operationalize security tools and workflows across cloud, SaaS, identity, endpoint, vulnerability management, monitoring, and alerting.
• Partner with Engineering, DevOps, IT, Legal, GTM, and Customer Success to turn security requirements into practical processes that work in a fast-growing company.

What You Bring

• 3+ years of experience in information security, security engineering, GRC, security operations, security consulting, vCISO work, or a similar hybrid security role.
• Hands-on experience with customer security questionnaires, RFPs, trust portals, customer security reviews, audit evidence, or enterprise security assessments.
• Experience implementing or operating security tools such as Wiz, Snyk, Orca, AWS Inspector, GuardDuty, GitHub Advanced Security, Dependabot, Semgrep, Trivy, CrowdStrike, SentinelOne, Okta, Auth0, Google Workspace security controls, SIEM/logging tools, or similar.
• Understand cloud and SaaS security basics, including IAM, SSO/MFA, access reviews, logging, endpoint security, vulnerability management, and security monitoring.
• Are comfortable working in a small security team where you need to be independent, practical, hands-on, and able to switch between customer, compliance, vendor, and technical work.
• Have supported audits or assessments against frameworks such as SOC 2, ISO 27001 / ISO 27002, GDPR, NIST CSF, CIS Controls, or similar security/privacy standards.

Nice to have

• Experience in a startup, scale-up, B2B SaaS company, security company, GRC consulting firm, or audit/security advisory environment.
• Experience with AI security, LLM security, prompt injection, data leakage, privacy/security controls for AI products, or AI governance.
• Experience improving security workflows end-to-end, such as vulnerability management, SaaS monitoring, access reviews, endpoint security, security alerting, or cloud security posture management.

Benefits & Perks:

• Competitive compensation
• Career growth and learning opportunities
• Flexibility and ownership
• Collaborative and innovative culture
• Opportunity to work on impactful AI projects
• International environment and talented teams

What's it like to work at Nebius:

Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI

Equal Opportunity Statement:

Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.

Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.

If you need accommodations during the application process, please let us know.