<p>Kforce has a client that is seeking a Lead Engineer, Blue Team - Threat Detection & Incident Response in New York, NY or Boston, MA (on-site).</p> <p>The Opportunity: We are building the next generation of enterprise incident response and are looking for a senior Blue Team leader to help drive it. This is a hands-on, technical leadership role for someone who thrives during high-impact incidents and enjoys shaping how detection and response operate at scale.</p> <p>You will serve as the U.S. escalation lead for complex security incidents, acting as the connective tissue between a 24/7 global security operations center and internal engineering, infrastructure, and business teams. As the organization continues to grow, this role will help define how incidents are handled in a cloud-first, identity-driven environment.</p> <p>What You'll Do: Incident Command & Regional Leadership:</p> <ul> <li>Act as the primary escalation point and incident commander for high-severity security events in the U.S. </li><li>Lead response strategy, containment decisions, and cross-functional coordination through resolution </li><li>Deliver clear, executive-ready updates that translate technical risk into business impact </li><li>Ensure post-incident reviews result in meaningful, measurable improvements </li></ul> <p>Advanced Threat Investigation:</p> <ul> <li>Lead investigations across endpoint, identity, cloud platforms, SaaS, network, and hybrid environments </li><li>Develop clear investigative narratives that explain attacker behavior, impact, and residual risk </li><li>Guide evidence collection and preservation in modern, cloud-native environments </li></ul> <p>Team Leadership & Global Collaboration:</p> <ul> <li>Lead and mentor a small U.S.-based Blue Team while collaborating closely with peers in EMEA and APAC </li><li>Provide technical direction, coaching, and escalation support to analysts and responders </li><li>Partner with external security providers and internal teams to ensure consistent response qualityReadiness, Playbooks & Continuous Improvement: </li><li>Own and evolve incident response playbooks for scenarios such as ransomware, account compromise, data exfiltration, and insider risk </li><li>Lead simulations and exercises to validate readiness and improve response muscle memory </li></ul> <p>Automation & AI-Enabled Response:</p> <ul> <li>Partner with security engineering teams to operationalize automation and AI-assisted workflows </li><li>Validate that tooling and workflows work under real incident pressure </li><li>Ensure strong governance, auditability, and human-in-the-loop controls </li></ul> <p>Metrics & Maturity:</p> <ul> <li>Track and improve metrics such as time-to-triage, time-to-contain, and containment effectiveness </li><li>Identify systemic gaps and help shape future investments in detection, response, and tooling </li></ul> <p>What We're Looking For:</p> <ul> <li>7+ years of experience in incident response, security operations, or Blue Team roles </li><li>Proven experience leading high-severity incidents and serving as an escalation point </li><li>Strong hands-on technical background paired with people leadership experience (formal or informal) </li><li>Experience operating in cloud-forward, identity-centric environments </li><li>Ability to communicate calmly and clearly in high-pressure situations </li><li>Experience working with global teams and managed security partners </li></ul> <p>Nice to Have:</p> <ul> <li>Background in financial services or highly regulated environments </li><li>Familiarity with containerized or Kubernetes-based environments </li><li>Experience with automated or SOAR-enabled response workflows </li><li>Exposure to threat-informed defense, purple teaming, or detection validation </li></ul> <p>Why This Role: This is a growth-driven opportunity with real ownership. You will shape how incidents are handled across a global enterprise, influence the evolution of detection and response capabilities, and help modernize security operations for a cloud-first future.</p>