Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Threat Detection & Response - Blue Team Lead

$150k - $180k

Stage

COMPANY OVERVIEW

KKR is a leading global investment firm that offers alternative asset management as well as capital markets and insurance solutions. KKR aims to generate attractive investment returns by following a patient and disciplined investment approach, employing world-class people, and supporting growth in its portfolio companies and communities. KKR sponsors investment funds that invest in private equity, credit and real assets and has strategic partners that manage hedge funds. KKR’s insurance subsidiaries offer retirement, life and reinsurance products under the management of Global Atlantic Financial Group. References to KKR’s investments may include the activities of its sponsored funds and insurance subsidiaries.

TEAM OVERVIEW

KKR's Technology organization is a group of passionate technologists and product managers, unified by a shared mission to deliver exceptional products and solutions that drive value for our stakeholders, clients, and investors. Our passion for technology and innovation fuels our commitment to creating high-quality, impactful solutions that address complex challenges and meet the evolving needs of our sophisticated businesses. Teamwork is at the core of the organization’s success. We thrive on open collaboration and continuous learning, driving a culture that values diversity of thought and collective achievement. Our global footprint enables us to integrate diverse perspectives into product and solution delivery, resulting in comprehensive, adaptable, and scalable solutions. We optimize for impact, prioritizing and delivering solutions with excellence while remaining agile in response to the evolving needs of our businesses.

POSITION OVERVIEW

We are seeking a Blue Team Lead to serve as KKR’s U.S. Regional Lead and escalation point for complex cyber incidents within the Threat Detection & Response (TD&R) function in our New York or Boston office. This is a senior incident response leadership role combining deep investigative expertise with ownership of incident command, containment strategy, stakeholder communication, and response readiness. This is an in-office position, 5 days per week. KKR operates in a hybrid environment today; however, our operating model is increasingly cloud-first and identity-first, with growing focus on runtime and SaaS as primary investigative surfaces. This role will help shape how we respond in that future state – partnering closely with our MSSP, internal Computer Incident Response Team (CIRT), and engineering counterparts to drive faster, more consistent outcomes. You will also be a key operational partner to the TDR SOC Engineer (SOC Engineering, Automation & Agentic Workflows) role. The Blue Team Lead defines the incident response requirements, validates that workflows and automation are usable under pressure, and ensures lessons learned translate into durable improvements across people, process, and technology.

RESPONSIBILITIES

Incident Leadership & Command (U.S. Regional Lead) Act as U.S. escalation lead / incident commander for high‑severity incidents, owning response strategy, containment decisions, and coordination through resolution. Lead cross‑functional response with internal CIRT, infrastructure/platform teams, cloud teams, identity teams, legal/compliance, and business stakeholders. Provide executive‑ready briefings and situational updates during active incidents, clearly communicating risk, impact, trade‑offs, and next steps. Ensure post‑incident reviews are completed and translated into measurable remediation and program improvements. Advanced Investigations (Cloud/Identity/Runtime First; Hybrid Aware) Perform and lead advanced investigations across endpoint, network, identity, cloud control plane, SaaS, and (as needed) on‑prem telemetry. Drive evidence collection and preservation strategies appropriate for hybrid environments, including cloud‑native logging and ephemeral workload considerations. Develop investigative narratives: attacker objectives, sequence of actions, impacted assets, containment efficacy, and residual risk. Readiness, Playbooks, and Exercising Own and continuously improve incident response playbooks (e.g., ransomware/extortion, BEC, cloud account compromise, token/key theft, data exfiltration, insider risk). Lead and coordinate exercises and simulations; ensure learnings become concrete improvements (process updates, training, tooling enhancements). Establish escalation criteria and decision frameworks (severity, containment triggers, business engagement, recovery prioritization). AI‑Enabled Response & Analyst Acceleration (Operational Owner) Operationalize AI‑assisted workflows to improve incident execution (e.g., alert/case summarization, timeline generation, correlation support, case documentation), ensuring strong governance, auditability, and human‑in‑the‑loop controls. Partner with SOC Engineering to define requirements and validate that automation/agentic workflows reduce toil and time‑to‑contain without increasing operational risk or noise. Continuous Improvement, Threat‑Informed Defense, and Partner Management Convert incident lessons‑learned into durable improvements across enrichment, routing/prioritization, response plays, and coverage enhancements in partnership with SOC Engineering and ReliaQuest. Support threat hunting and purple‑team efforts by shaping hypotheses and prioritizing validation based on real incident patterns and business risk (enablement and translation to controls – not primary hunt execution). Maintain strong operating rhythm with ReliaQuest and internal teams to ensure smooth escalations, clear responsibilities, and consistent response quality globally. Metrics & Reporting Help define, track, and improve operational KPIs such as MTTR, MTTC, time‑to‑triage, containment SLA adherence, repeat‑incident drivers, and quality of post‑incident actions. Provide insight‑driven reporting to TD&R leadership on trends, systemic issues, and targeted investments needed to raise response maturity.

QUALIFICATIONS

6+ years in Incident Response, Security Operations, or Blue Team roles, including leading high‑severity incidents end‑to‑end. Proven ability to serve as an escalation lead and incident commander – calm, decisive leadership in ambiguous, high‑pressure situations. Strong communication skills: able to translate complex technical details into clear, actionable updates for executives and stakeholders. Experience operating in cloud‑forward enterprises, including hybrid environments spanning SaaS, cloud‑native workloads, and on‑prem systems. Strong familiarity with identity‑centric security models and investigations (federated identity, IAM abuse patterns, token theft, conditional access signals). Working knowledge of cloud‑native architectures (containers/Kubernetes, serverless, CI/CD) and the investigative/containment challenges they introduce. Experience partnering with MSSPs and distributed teams; comfortable operating in a hybrid SOC model (internal + ReliaQuest). Familiarity with MITRE ATT&CK and applying it to investigative thinking, readiness planning, and validation priorities. Experience designing, using, or validating automated response workflows (SOAR) and promoting safe automation patterns. Exposure to AI‑assisted SOC/IR tooling, including governance considerations (data handling, audit logging, human approval, evaluation). Experience with purple teaming, detection validation, or adversary simulation platforms (e.g., Atomic Red Team, Caldera, Cymulate). (Preferred) Ability to influence engineering roadmaps (telemetry, enrichment, workflow improvements) based on operational pain points and incident learnings. (Preferred)

IDEAL CANDIDATE PROFILE

Incident leader: takes ownership, drives clarity, and brings structure to high‑severity response. Technically deep and business‑aware: understands attacker behavior and business impact equally well. Operationally disciplined: strong instincts for repeatability, playbooks, and learning loops. Collaborative and influential: can align MSSP + internal teams, and partner effectively with SOC Engineering and platform teams. Future‑oriented: comfortable modernizing response for cloud‑first and AI‑enabled operating models.

WHY JOIN US

This is a pivotal leadership role in a globally scaled Threat Detection & Response function at a leading investment firm. As U.S. Regional Lead, you will shape incident response outcomes for critical enterprise operations and directly influence how KKR modernizes response for a cloud‑first, AI‑enabled future. You’ll partner with a high‑performing MSSP and an engineering‑driven TDR team to improve readiness, accelerate containment, and raise the bar on response quality across the organization. Base Salary Range: $150,000 – $180,000 USD

EEO STATEMENT

KKR is an equal opportunity employer. Individuals seeking employment are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, or any other category protected by applicable law. KKR will provide reasonable accommodations as required by applicable federal, state, and/or local laws. Individuals seeking an accommodation for the application or interview process should email View email address on click.appcast.io. Emails sent for unrelated issues, such as following up on an application, will not receive a response. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access because of your disability. You can request reasonable accommodations by sending an email to View email address on click.appcast.io. Only emails left for this purpose will be returned. Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. This notice applies only to applicants and employees who work or will work in Massachusetts, in accordance with applicable state law. #J-18808-Ljbffr Stage

Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Threat Detection & Response - Blue Team Lead in New York, NY vacancy
  • Blackbaud is seeking a Sr. Manager of Cyber Threat Detection and Response to lead the detection engineering and incident response teams. Responsibilities include developing threat detection frameworks and managing incident response efforts across varied security operations... 
    Suggested
    Remote work
    Flexible hours

    Blackbaud

    New York, NY
    3 days ago
  • $234k - $300k

    What You’ll Do: Lead and grow a team of product managers focused on Datadog’s TDIR capabilities within Cloud SIEM Define and execute product strategy across detection workflows, investigation experiences, and response automation Own the roadmap for core pillars: integrations... 
    Suggested

    The Consulting Solutions

    New York, NY
    20 hours ago
  • $168k - $195k

     ...across the company. The team drives technology and...  ...Role As the Principal Lead Analyst of DART, you are...  ...cyber defense and incident response. This is a high-impact...  ...the evolution of our threat-hunting program, and mentor...  ...scenarios. Advanced Detection & Hunting Strategy... 
    Suggested
    16 hours
    Work at office
    Local area
    Immediate start
    Remote work
    Relocation
    Shift work

    Corebridge Financial

    Jersey City, NJ
    20 hours ago
  • $10k

    About The Role Join our growing security team and help drive security detection and response initiatives across Ramp. This will include a focus on maturing...  ...Design and implement automation to detect and respond to threats What You Need 3-4 years of information technology... 
    Suggested
    Full time
    Work experience placement
    Work at office
    Home office
    Relocation package
    Flexible hours
    2 days per week

    Ramp

    New York, NY
    2 days ago
  • A leading cybersecurity firm is seeking an experienced professional for managing Security Incident Response and Threat Hunting. The role requires over 8 years of experience in IT Security...  ...hands-on experience with advanced detection technologies. This is a remote position... 
    Suggested
    Remote job

    Turtle Trax S.A.

    New York, NY
    3 days ago
  •  ...their New York office. In this role, you will lead the firm’s cybersecurity efforts, focusing on security monitoring, incident response, threat detection, and vulnerability management. Working closely with cross-functional teams in the Technology department, you will... 
    Work at office

    Radley James Limited

    New York, NY
    3 days ago
  • $40 - $80 per hour

    Incident Response Lead, Cyber Security $40-80/hr Remote Freelance CODING About the...  ...directly strengthen how organizations detect, respond to, and contain real threats? We're looking for a seasoned...  ...surfacing the gaps that keep security teams up at night. This is a fully... 
    Hourly pay
    Ongoing contract
    Contract work
    Freelance
    Remote work
    Flexible hours
    Night shift

    Alignerr

    New York, NY
    1 day ago
  • $145k - $195k

    Service Delivery Manager, Managed Detection and Response We have a new and exciting role for a Service...  ...our Managed Detection and Response Team in the Cybersecurity practice in the USA...  ...service quality with clients. This includes leading QSRs, managing escalations,... 
    Immediate start
    Flexible hours
    Shift work

    S-RM Intelligence and Risk Consulting

    New York, NY
    1 day ago
  • $168k - $195k

     ...Manufacturing Co is looking for a Principal Lead Analyst to lead cyber defense efforts and manage critical incident responses. This role requires extensive experience in cybersecurity...  ...and incident response, focusing on team mentorship and incident command. Applicants... 

    Dormont Manufacturing Co

    New York, NY
    4 days ago
  • A leading fitness technology company is seeking a Senior Cyber Analyst. You will support their Security Program, perform in-depth intelligence analysis, and develop incident response protocols. The ideal candidate will have at least 5 years of experience in Information... 

    Peloton Interactive

    New York, NY
    1 day ago
  •  ...with us means joining a team of more than 230,000...  ...Citi's Cloud Incident Response (Cloud IR) team seeks a...  ...own and strategically lead security incident response...  ...proactively address emerging threats across cloud, SaaS,...  ...monitoring, threat detection, and response capabilities... 
    Full time

    Citi

    New York, NY
    3 days ago
  •  ...Cyber Security division for an Incident Response Engagement Lead in the United States. S-RM is a global...  ...demand than ever. We’re building a team to meet this challenge. We’re quick to...  ...Advising strategies for responding to cyber threat actors. Providing crisis management... 
    Immediate start
    Flexible hours

    S-RM Intelligence and Risk Consulting

    New York, NY
    4 days ago
  • A leading restaurant technology provider is seeking a Staff Security Engineer to lead the Security Blue Team. This position involves guiding a team in information protection, overseeing incident detection and response, and implementing security measures across all platforms... 
    Remote job

    Olo

    New York, NY
    4 days ago
  • $115.4k - $192.3k

    About the role As an Analytics Team Lead, you will provide technical...  ...largest, real‑time fraud detection platform to craft solutions...  ...needs and project demand. Responsibilities Lead analytics workstreams...  ...fight emerging and dormant threats. Inspire the wider team to do... 
    Local area
    Immediate start
    Remote work

    RELX INC

    New York, NY
    4 days ago
  •  ...Senior Manager for Intelligence, Investigations, and Incident Management. This pivotal role leads the enterprise's capability for threat intelligence and coordinates responses to security incidents. You will need 10+ years of experience in corporate security or related... 

    Dormont Manufacturing Co

    Brooklyn, NY
    3 days ago
  • $120.19k - $223.21k

    ## Incident Response Lead - RemoteApplylocations: US-NY-New York-Virtualtime type: Full timeposted...  ...to organizations globally. With a team of more than 8,000 experts and over 30 years...  ...Leads, who own monitoring operations, detection engineering, alert triage processes, SIEM... 
    Remote job
    Local area
    Worldwide
    Visa sponsorship
    Flexible hours

    Strada Inc.

    New York, NY
    1 day ago
  • $80 - $120 per hour

     ...organization is seeking a First-Line Supervisor of Police and Detectives for a remote role. This position requires strong professional experience and excellent written communication skills. Responsibilities include creating deliverables and reviewing peer work to enhance... 
    Remote job
    Hourly pay
    Contract work
    10 hours per week

    Crossing Hurdles

    New York, NY
    3 days ago
  •  ...seeking a Senior Security Operations Center (SOC) Analyst to lead investigations and mitigate security incidents. You will engage...  ...forensics and incident analysis, enhancing the organization's threat response capabilities. The ideal candidate has a degree in Computer Science... 

    Zelis Healthcare, LLC

    New York, NY
    4 days ago
  • Rockstar Games is seeking a Senior Security Engineer to lead efforts in safeguarding information systems at...  ...will have over 5 years of experience in incident response and security investigations, skilled in analyzing threats and managing response lifecycles. This full-time... 
    Full time

    Dormont Manufacturing Company

    New York, NY
    3 days ago
  • The Consulting Solutions is looking for an experienced Product Manager to lead a team focusing on security workflows at Datadog. You will define product strategies, manage roadmaps, and collaborate with engineering, design, and sales teams. The ideal candidate has extensive... 

    The Consulting Solutions

    New York, NY
    20 hours ago
  • $204k - $240k

    Etsy, Inc. is looking for a seasoned security professional in New York to lead incident response initiatives and strengthen detection processes. Candidates should have 9+ years of experience in security roles, particularly in incident response, alongside a firm understanding... 

    Etsy, Inc.

    New York, NY
    20 hours ago
  •  ...is seeking a professional to join their customer-focused team in the United States. In this role, you will enhance herd...  ...breeding services while utilizing advanced technologies. Responsibilities include detecting heats in cows, inseminating them, and managing fertility... 

    Cogentuk

    New York, NY
    3 days ago
  • $152.7k - $294k

     ...connected powerhouse of diverse teams and take your career...  ...and time-to-value at scale. Responsible for providing strategic direction...  ...multiple priorities, leading cross-functional initiatives...  ...IaC scanning, DSPM, runtime threat detection, and vulnerability management... 
    Summer holiday
    Local area
    Flexible hours

    EY

    Hoboken, NJ
    1 day ago
  •  ...Position Name: Team Lead Reports to: Client Technology Manager Location/Type: NYC Full...  ...growing support department. You will be responsible for a team of Junior Systems Engineers...  ...Sophos or similar product for endpoint threat management Basic understanding of virtualization... 
    Full time
    Work at office

    Atlas Technica

    New York, NY
    20 hours ago
  •  ...Role: AI Team Lead Location: NYC, NY Project description We're seeking an...  ...biggest financial institutions in USA. Responsibilities ~ Design, develop and deploy ML/...  ...: metrics, logging, model drift detection, and alerting. ~ Conduct A/B... 

    Lorven Technologies

    New York, NY
    2 days ago
  • $33 - $35 per hour

     ...POSITION SUMMARY The Lead Handler will be responsible for overseeing the Handlers...  ...search, and trace detection as needed ~ Perform...  ...required for assigned Canine Teams ~ Manage, supervise...  ...search cargo and identify threats ~ Perform Handler duties... 
    Hourly pay
    Contract work
    Local area
    Flexible hours
    Night shift
    Weekend work

    American K9 Detective Services

    Queens, NY
    3 days ago
  •  ...looking for a Customer Support Lead to build and run Fun's end-...  ...ll join a lean, high-caliber team with outsized impact on how this...  ...its next phase of growth. Responsibilities Support Operations & Team Leadership...  ...ticket volume — intent detection, automated classification,... 
    Live in
    Work from home
    Monday to Thursday
    Shift work

    Voiceflow

    New York, NY
    4 days ago
  •  ...Senior Associate, Security Operations to join its expanding team in New York. This role is pivotal in managing day-to-day security operations and involves coordinating with our managed detection and response provider. The ideal candidate should have over 5 years of experience... 

    Andersen

    New York, NY
    2 days ago
  • $74.88k - $83.2k

     ...: Community Philanthropy Manager, Direct Response Location: This role will be remote in the...  ...the Marketing, Communications & Content Teams - ensuring alignment with organizational...  ...improve donor participation and engagement Leads the project management (through Asana) of... 
    Full time
    Remote work

    The Trevor Project

    New York, NY
    1 day ago
  •  ...and airspace solutions sector. This remote position, which requires travel to Dallas, TX, involves leading a team to manage technical support operations. Responsibilities include overseeing hardware and SaaS support, improving processes, and ensuring high-quality service... 
    Remote job

    Peskind Executive Search

    New York, NY
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Threat Detection & Response - Blue Team Lead. Be the first to apply!