Principal Security Incident Lead (Blue Team)

Kforce has a client that is seeking a Principal Security Incident Lead (Blue Team) in New York, NY or Boston, MA (on-site). The Opportunity: We are seeking a seasoned Blue Team leader to spearhead the evolution of our North American incident response program. This is a high-visibility, technical leadership role designed for an expert who excels in high-pressure situations and wants to define the response strategy for a scaling, cloud-native enterprise. You will act as the senior technical authority for major security events, bridging the gap between our 24/7 monitoring partners and internal engineering, infrastructure, and executive stakeholders. Key Responsibilities:

• Incident Command: Serve as the primary Incident Commander for high-severity events in the U.S. region, directing containment strategies and cross-functional response efforts through to resolution
• Executive Communication: Translate complex technical risks into clear, actionable updates for senior business leadership
• Advanced Forensics: Lead deep-dive investigations across a modern stack, including multi-cloud environments, SaaS platforms, identity providers, and hybrid infrastructure
• Strategic Leadership: Provide technical mentorship to a regional team of responders while collaborating with international counterparts to ensure global operational consistency
• Readiness & Validation: Own the development of response playbooks (Ransomware, Data Exfiltration, Identity Theft) and lead tabletop exercises to stress-test our collective response "muscle memory-
• Next-Gen Operations: Partner with Security Engineering to integrate AI-assisted workflows and automated orchestration (SOAR) into the live response lifecycle
• Continuous Improvement: Manage post-mortem processes to identify systemic gaps, influencing future budget and tooling investments
• Experience: 7+ years in dedicated Incident Response, SOC, or Blue Team environments with a focus on enterprise-scale defense
• Command Presence: Proven track record of managing high-severity incidents as a primary escalation lead
• Cloud Proficiency: Extensive experience investigating threats in cloud-forward and identity-centric architectures (AWS/Azure/GCP, Okta, etc.)
• Technical Depth: Hands-on expertise in evidence collection, attacker behavior analysis, and modern forensics
• Communication: Exceptional ability to remain calm and articulate under pressure, with experience managing managed security service provider (MSSP) relationships

Bonus Points:

• Experience in highly regulated sectors (e.g., Finance, Fintech, or Healthcare)
• Knowledge of Kubernetes/Container security and runtime protection
• Familiarity with the MITRE ATT&CK framework and threat-informed defense strategies

Why Join Us: This role offers true ownership over a critical security function. You will have the platform to modernize how a global firm handles risk, moving beyond traditional reactive models toward a proactive, automation-heavy future.