<p>Kforce has a client that is seeking a SOC Engineer - Threat Detection & Response in New York, NY or Brighton, MA (on-site).</p> <p>About the Opportunity: We are looking for an engineering-driven SOC Engineer to help evolve and scale modern Threat Detection & Response operations within a complex, global environment. This role is ideal for someone who thinks like a builder - an engineer who enjoys designing systems, automating workflows, and solving operational challenges at scale.</p> <p>You will focus on improving how security teams detect, triage, investigate, and respond to threats by engineering smarter workflows, automations, and integrations. While security knowledge is important, this is not a traditional SOC analyst role. Strong engineering fundamentals and curiosity matter most.</p> <p>What You'll Work On:</p> <ul> <li>Engineer end-to-end SOC workflows from alert intake through investigation, containment, and continuous improvement </li><li>Design and build automation that reduces manual effort, improves consistency, and speeds response times </li><li>Develop and maintain SOAR playbooks and orchestration for enrichment, triage, and containment support </li><li>Integrate security tooling across endpoint, identity, cloud, network, and SaaS platforms </li><li>Improve data quality, enrichment, and context so alerts are actionable and decisions are faster </li><li>Build safe, auditable automation with human approvals, logging, and clear guardrails </li><li>Create analyst-assist workflows that summarize cases, correlate signals, and recommend next steps </li><li>Strengthen detection quality and lifecycle management, from onboarding to validation and retirement </li><li>Measure and improve outcomes using operational metrics like time-to-triage and time-to-contain* Reduced analyst toil through standardized workflows and automation </li><li>Higher-quality investigations with better context and clearer response paths </li><li>Faster, more consistent containment decisions </li><li>Scalable, measurable detection and response operations built like products </li></ul> <p>What We're Looking For:</p> <ul> <li>Several years of experience in engineering-focused security, SOC engineering, IR engineering, or automation roles </li><li>Strong software or systems engineering fundamentals (version control, testing, scripting/programming) </li><li>Experience integrating and automating security platforms such as SIEM, EDR, and cloud services </li><li>Comfort working with tools like Splunk, AWS, and endpoint security platforms (or equivalents) </li><li>Ability to turn real-world operational pain points into scalable, reliable solutions </li><li>A practical mindset that designs for real incidents, not just ideal architectures </li></ul> <p>Nice to Have:</p> <ul> <li>Multi-cloud experience </li><li>Detection engineering or validation experience (simulations, testing, purple team exercises) </li><li>Exposure to AI-assisted SOC workflows with appropriate governance and controls </li></ul> <p>Why Join: You will have the autonomy to drive meaningful modernization without starting from zero. This is a hands-on role for someone who enjoys digging into complex problems, experimenting, and building durable systems that make a real difference in how security teams operate.</p>