Lead Engineer - Threat Detection & Response

RESPONSIBILITIES:
Kforce has a client that is seeking a Lead Engineer, Blue Team - Threat Detection & Incident Response in New York, NY or Boston, MA (on-site).

Overview:
This is a hands-on, technical leadership role for someone who thrives during high-impact incidents and enjoys shaping how detection and response operate at scale. You'll serve as the U.S. escalation lead for complex security incidents, acting as the connective tissue between a 24/7 global security operations center and internal engineering, infrastructure, and business teams. As the organization continues to grow, this role will help define how incidents are handled in a cloud-first, identity-driven environment.

What You'll Do:
* Act as the primary escalation point and incident commander for high-severity security events in the U.S
* Lead response strategy, containment decisions, and cross-functional coordination through resolution
* Deliver clear, executive-ready updates that translate technical risk into business impact
* Ensure post-incident reviews result in meaningful, measurable improvements
* Lead investigations across endpoint, identity, cloud platforms, SaaS, network, and hybrid environments
* Develop clear investigative narratives that explain attacker behavior, impact, and residual risk
* Guide evidence collection and preservation in modern, cloud-native environments
* Lead and mentor a small U.S.-based Blue Team while collaborating closely with peers in EMEA and APAC
* Provide technical direction, coaching, and escalation support to analysts and responders
* Partner with external security providers and internal teams to ensure consistent response quality
* Own and evolve incident response playbooks for scenarios such as ransomware, account compromise, data exfiltration, and insider risk
* Lead simulations and exercises to validate readiness and improve response muscle memory

REQUIREMENTS:
* 7+ years of experience in incident response, security operations, or Blue Team roles
* Proven experience leading high-severity incidents and serving as an escalation point
* Strong hands-on technical background paired with people leadership experience (formal or informal)
* Experience operating in cloud-forward, identity-centric environments
* Ability to communicate calmly and clearly in high-pressure situations
* Experience working with global teams and managed security partners

Nice to Have:
* Background in financial services or highly regulated environments
* Familiarity with containerized or Kubernetes-based environments
* Experience with automated or SOAR-enabled response workflows
* Exposure to threat-informed defense, purple teaming, or detection validation

Why This Role:
This is a growth-driven opportunity with real ownership. You'll shape how incidents are handled across a global enterprise, influence the evolution of detection and response capabilities, and help modernize security operations for a cloud-first future. If you're a technically deep incident leader who enjoys building teams, improving systems, and making a measurable impact, this role offers both scale and visibility.

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.