Lead Engineer - Threat Detection & Response

Responsibilities Kforce has a client that is seeking a Lead Engineer, Blue Team - Threat Detection & Incident Response in New York, NY or Boston, MA (on-site).The Opportunity:We are building the next generation of enterprise incident response and are looking for a senior Blue Team leader to help drive it. This is a hands-on, technical leadership role for someone who thrives during high-impact incidents and enjoys shaping how detection and response operate at scale.You will serve as the U.S. escalation lead for complex security incidents, acting as the connective tissue between a 24/7 global security operations center and internal engineering, infrastructure, and business teams. As the organization continues to grow, this role will help define how incidents are handled in a cloud-first, identity-driven environment.What You'll Do:Incident Command & Regional Leadership: Act as the primary escalation point and incident commander for high-severity security events in the U.S. Lead response strategy, containment decisions, and cross-functional coordination through resolution Deliver clear, executive-ready updates that translate technical risk into business impact Ensure post-incident reviews result in meaningful, measurable improvements Advanced Threat Investigation: Lead investigations across endpoint, identity, cloud platforms, SaaS, network, and hybrid environments Develop clear investigative narratives that explain attacker behavior, impact, and residual risk Guide evidence collection and preservation in modern, cloud-native environments Team Leadership & Global Collaboration: Lead and mentor a small U.S.-based Blue Team while collaborating closely with peers in EMEA and APAC Provide technical direction, coaching, and escalation support to analysts and responders Partner with external security providers and internal teams to ensure consistent response quality Skills Readiness, Playbooks & Continuous Improvement: Own and evolve incident response playbooks for scenarios such as ransomware, account compromise, data exfiltration, and insider risk Lead simulations and exercises to validate readiness and improve response muscle memory Automation & AI-Enabled Response: Partner with security engineering teams to operationalize automation and AI-assisted workflows Validate that tooling and workflows work under real incident pressure Ensure strong governance, auditability, and human-in-the-loop controls Metrics & Maturity: Track and improve metrics such as time-to-triage, time-to-contain, and containment effectiveness Identify systemic gaps and help shape future investments in detection, response, and tooling What We're Looking For: 7+ years of experience in incident response, security operations, or Blue Team roles Proven experience leading high-severity incidents and serving as an escalation point Strong hands-on technical background paired with people leadership experience (formal or informal) Experience operating in cloud-forward, identity-centric environments Ability to communicate calmly and clearly in high-pressure situations Experience working with global teams and managed security partners Nice to Have: Background in financial services or highly regulated environments Familiarity with containerized or Kubernetes-based environments Experience with automated or SOAR-enabled response workflows Exposure to threat-informed defense, purple teaming, or detection validation Why This Role:This is a growth-driven opportunity with real ownership. You will shape how incidents are handled across a global enterprise, influence the evolution of detection and response capabilities, and help modernize security operations for a cloud-first future. The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future. We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave. Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law. This job is not eligible for bonuses, incentives or commissions. Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. By clicking "Apply Today" you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP. Kforce is a professional staffing services firm offering Technology and Finance & Accounting jobs with top employers nationwide. We specialize in providing contract, contract-to-hire and direct placement opportunities, with over 50 years of experience in the staffing industry. Kforce offers many consultants comprehensive benefits depending on employment status, including medical, dental, 401(K), life insurance and disability. Our vision is to be "the firm most respected by those we serve."

Created: 2026-03-10