Principal Security Incident Lead (Blue Team)

RESPONSIBILITIES:
Kforce has a client that is seeking a Principal Security Incident Lead (Blue Team) in New York, NY or Boston, MA (on-site).

The Opportunity:
We are seeking a seasoned Blue Team leader to spearhead the evolution of our North American incident response program. This is a high-visibility, technical leadership role designed for an expert who excels in high-pressure situations and wants to define the response strategy for a scaling, cloud-native enterprise. You will act as the senior technical authority for major security events, bridging the gap between our 24/7 monitoring partners and internal engineering, infrastructure, and executive stakeholders.

Key Responsibilities:
* Incident Command: Serve as the primary Incident Commander for high-severity events in the U.S. region, directing containment strategies and cross-functional response efforts through to resolution
* Executive Communication: Translate complex technical risks into clear, actionable updates for senior business leadership
* Advanced Forensics: Lead deep-dive investigations across a modern stack, including multi-cloud environments, SaaS platforms, identity providers, and hybrid infrastructure
* Strategic Leadership: Provide technical mentorship to a regional team of responders while collaborating with international counterparts to ensure global operational consistency
* Readiness & Validation: Own the development of response playbooks (Ransomware, Data Exfiltration, Identity Theft) and lead tabletop exercises to stress-test our collective response "muscle memory-
* Next-Gen Operations: Partner with Security Engineering to integrate AI-assisted workflows and automated orchestration (SOAR) into the live response lifecycle
* Continuous Improvement: Manage post-mortem processes to identify systemic gaps, influencing future budget and tooling investments

REQUIREMENTS:
* Experience: 7+ years in dedicated Incident Response, SOC, or Blue Team environments with a focus on enterprise-scale defense
* Command Presence: Proven track record of managing high-severity incidents as a primary escalation lead
* Cloud Proficiency: Extensive experience investigating threats in cloud-forward and identity-centric architectures (AWS/Azure/Google Cloud Platform, Okta, etc.)
* Technical Depth: Hands-on expertise in evidence collection, attacker behavior analysis, and modern forensics
* Communication: Exceptional ability to remain calm and articulate under pressure, with experience managing managed security service provider (MSSP) relationships

Bonus Points:
* Experience in highly regulated sectors (e.g., Finance, Fintech, or Healthcare)
* Knowledge of Kubernetes/Container security and runtime protection
* Familiarity with the MITRE ATT&CK framework and threat-informed defense strategies

Why Join Us:
This role offers true ownership over a critical security function. You will have the platform to modernize how a global firm handles risk, moving beyond traditional reactive models toward a proactive, automation-heavy future.

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.