Threat Detection & Response - Blue Team Lead
$150k - $180kStage
COMPANY OVERVIEW
KKR is a leading global investment firm that offers alternative asset management as well as capital markets and insurance solutions. KKR aims to generate attractive investment returns by following a patient and disciplined investment approach, employing world-class people, and supporting growth in its portfolio companies and communities. KKR sponsors investment funds that invest in private equity, credit and real assets and has strategic partners that manage hedge funds. KKR’s insurance subsidiaries offer retirement, life and reinsurance products under the management of Global Atlantic Financial Group. References to KKR’s investments may include the activities of its sponsored funds and insurance subsidiaries.TEAM OVERVIEW
KKR's Technology organization is a group of passionate technologists and product managers, unified by a shared mission to deliver exceptional products and solutions that drive value for our stakeholders, clients, and investors. Our passion for technology and innovation fuels our commitment to creating high-quality, impactful solutions that address complex challenges and meet the evolving needs of our sophisticated businesses. Teamwork is at the core of the organization’s success. We thrive on open collaboration and continuous learning, driving a culture that values diversity of thought and collective achievement. Our global footprint enables us to integrate diverse perspectives into product and solution delivery, resulting in comprehensive, adaptable, and scalable solutions. We optimize for impact, prioritizing and delivering solutions with excellence while remaining agile in response to the evolving needs of our businesses.POSITION OVERVIEW
We are seeking a Blue Team Lead to serve as KKR’s U.S. Regional Lead and escalation point for complex cyber incidents within the Threat Detection & Response (TD&R) function in our New York or Boston office. This is a senior incident response leadership role combining deep investigative expertise with ownership of incident command, containment strategy, stakeholder communication, and response readiness. This is an in-office position, 5 days per week. KKR operates in a hybrid environment today; however, our operating model is increasingly cloud-first and identity-first, with growing focus on runtime and SaaS as primary investigative surfaces. This role will help shape how we respond in that future state – partnering closely with our MSSP, internal Computer Incident Response Team (CIRT), and engineering counterparts to drive faster, more consistent outcomes. You will also be a key operational partner to the TDR SOC Engineer (SOC Engineering, Automation & Agentic Workflows) role. The Blue Team Lead defines the incident response requirements, validates that workflows and automation are usable under pressure, and ensures lessons learned translate into durable improvements across people, process, and technology.RESPONSIBILITIES
Incident Leadership & Command (U.S. Regional Lead) Act as U.S. escalation lead / incident commander for high‑severity incidents, owning response strategy, containment decisions, and coordination through resolution. Lead cross‑functional response with internal CIRT, infrastructure/platform teams, cloud teams, identity teams, legal/compliance, and business stakeholders. Provide executive‑ready briefings and situational updates during active incidents, clearly communicating risk, impact, trade‑offs, and next steps. Ensure post‑incident reviews are completed and translated into measurable remediation and program improvements. Advanced Investigations (Cloud/Identity/Runtime First; Hybrid Aware) Perform and lead advanced investigations across endpoint, network, identity, cloud control plane, SaaS, and (as needed) on‑prem telemetry. Drive evidence collection and preservation strategies appropriate for hybrid environments, including cloud‑native logging and ephemeral workload considerations. Develop investigative narratives: attacker objectives, sequence of actions, impacted assets, containment efficacy, and residual risk. Readiness, Playbooks, and Exercising Own and continuously improve incident response playbooks (e.g., ransomware/extortion, BEC, cloud account compromise, token/key theft, data exfiltration, insider risk). Lead and coordinate exercises and simulations; ensure learnings become concrete improvements (process updates, training, tooling enhancements). Establish escalation criteria and decision frameworks (severity, containment triggers, business engagement, recovery prioritization). AI‑Enabled Response & Analyst Acceleration (Operational Owner) Operationalize AI‑assisted workflows to improve incident execution (e.g., alert/case summarization, timeline generation, correlation support, case documentation), ensuring strong governance, auditability, and human‑in‑the‑loop controls. Partner with SOC Engineering to define requirements and validate that automation/agentic workflows reduce toil and time‑to‑contain without increasing operational risk or noise. Continuous Improvement, Threat‑Informed Defense, and Partner Management Convert incident lessons‑learned into durable improvements across enrichment, routing/prioritization, response plays, and coverage enhancements in partnership with SOC Engineering and ReliaQuest. Support threat hunting and purple‑team efforts by shaping hypotheses and prioritizing validation based on real incident patterns and business risk (enablement and translation to controls – not primary hunt execution). Maintain strong operating rhythm with ReliaQuest and internal teams to ensure smooth escalations, clear responsibilities, and consistent response quality globally. Metrics & Reporting Help define, track, and improve operational KPIs such as MTTR, MTTC, time‑to‑triage, containment SLA adherence, repeat‑incident drivers, and quality of post‑incident actions. Provide insight‑driven reporting to TD&R leadership on trends, systemic issues, and targeted investments needed to raise response maturity.QUALIFICATIONS
6+ years in Incident Response, Security Operations, or Blue Team roles, including leading high‑severity incidents end‑to‑end. Proven ability to serve as an escalation lead and incident commander – calm, decisive leadership in ambiguous, high‑pressure situations. Strong communication skills: able to translate complex technical details into clear, actionable updates for executives and stakeholders. Experience operating in cloud‑forward enterprises, including hybrid environments spanning SaaS, cloud‑native workloads, and on‑prem systems. Strong familiarity with identity‑centric security models and investigations (federated identity, IAM abuse patterns, token theft, conditional access signals). Working knowledge of cloud‑native architectures (containers/Kubernetes, serverless, CI/CD) and the investigative/containment challenges they introduce. Experience partnering with MSSPs and distributed teams; comfortable operating in a hybrid SOC model (internal + ReliaQuest). Familiarity with MITRE ATT&CK and applying it to investigative thinking, readiness planning, and validation priorities. Experience designing, using, or validating automated response workflows (SOAR) and promoting safe automation patterns. Exposure to AI‑assisted SOC/IR tooling, including governance considerations (data handling, audit logging, human approval, evaluation). Experience with purple teaming, detection validation, or adversary simulation platforms (e.g., Atomic Red Team, Caldera, Cymulate). (Preferred) Ability to influence engineering roadmaps (telemetry, enrichment, workflow improvements) based on operational pain points and incident learnings. (Preferred)IDEAL CANDIDATE PROFILE
Incident leader: takes ownership, drives clarity, and brings structure to high‑severity response. Technically deep and business‑aware: understands attacker behavior and business impact equally well. Operationally disciplined: strong instincts for repeatability, playbooks, and learning loops. Collaborative and influential: can align MSSP + internal teams, and partner effectively with SOC Engineering and platform teams. Future‑oriented: comfortable modernizing response for cloud‑first and AI‑enabled operating models.WHY JOIN US
This is a pivotal leadership role in a globally scaled Threat Detection & Response function at a leading investment firm. As U.S. Regional Lead, you will shape incident response outcomes for critical enterprise operations and directly influence how KKR modernizes response for a cloud‑first, AI‑enabled future. You’ll partner with a high‑performing MSSP and an engineering‑driven TDR team to improve readiness, accelerate containment, and raise the bar on response quality across the organization. Base Salary Range: $150,000 – $180,000 USDEEO STATEMENT
KKR is an equal opportunity employer. Individuals seeking employment are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, or any other category protected by applicable law. KKR will provide reasonable accommodations as required by applicable federal, state, and/or local laws. Individuals seeking an accommodation for the application or interview process should email View email address on click.appcast.io. Emails sent for unrelated issues, such as following up on an application, will not receive a response. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access because of your disability. You can request reasonable accommodations by sending an email to View email address on click.appcast.io. Only emails left for this purpose will be returned. Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. This notice applies only to applicants and employees who work or will work in Massachusetts, in accordance with applicable state law. #J-18808-Ljbffr StageVacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Threat Detection & Response - Blue Team Lead in New York, NY vacancy
- Blackbaud is seeking a Sr. Manager of Cyber Threat Detection and Response to lead the detection engineering and incident response teams. Responsibilities include developing threat detection frameworks and managing incident response efforts across varied security operations...SuggestedRemote workFlexible hours
$234k - $300k
What You’ll Do: Lead and grow a team of product managers focused on Datadog’s TDIR capabilities within Cloud SIEM Define and execute product strategy across detection workflows, investigation experiences, and response automation Own the roadmap for core pillars: integrations...Suggested$168k - $195k
...across the company. The team drives technology and... ...Role As the Principal Lead Analyst of DART, you are... ...cyber defense and incident response. This is a high-impact... ...the evolution of our threat-hunting program, and mentor... ...scenarios. Advanced Detection & Hunting Strategy...Suggested16 hoursWork at officeLocal areaImmediate startRemote workRelocationShift work$10k
About The Role Join our growing security team and help drive security detection and response initiatives across Ramp. This will include a focus on maturing... ...Design and implement automation to detect and respond to threats What You Need 3-4 years of information technology...SuggestedFull timeWork experience placementWork at officeHome officeRelocation packageFlexible hours2 days per week- A leading cybersecurity firm is seeking an experienced professional for managing Security Incident Response and Threat Hunting. The role requires over 8 years of experience in IT Security... ...hands-on experience with advanced detection technologies. This is a remote position...SuggestedRemote job
- ...their New York office. In this role, you will lead the firm’s cybersecurity efforts, focusing on security monitoring, incident response, threat detection, and vulnerability management. Working closely with cross-functional teams in the Technology department, you will...Work at office
$40 - $80 per hour
Incident Response Lead, Cyber Security $40-80/hr Remote Freelance CODING About the... ...directly strengthen how organizations detect, respond to, and contain real threats? We're looking for a seasoned... ...surfacing the gaps that keep security teams up at night. This is a fully...Hourly payOngoing contractContract workFreelanceRemote workFlexible hoursNight shift$145k - $195k
Service Delivery Manager, Managed Detection and Response We have a new and exciting role for a Service... ...our Managed Detection and Response Team in the Cybersecurity practice in the USA... ...service quality with clients. This includes leading QSRs, managing escalations,...Immediate startFlexible hoursShift work$168k - $195k
...Manufacturing Co is looking for a Principal Lead Analyst to lead cyber defense efforts and manage critical incident responses. This role requires extensive experience in cybersecurity... ...and incident response, focusing on team mentorship and incident command. Applicants...- A leading fitness technology company is seeking a Senior Cyber Analyst. You will support their Security Program, perform in-depth intelligence analysis, and develop incident response protocols. The ideal candidate will have at least 5 years of experience in Information...
- ...with us means joining a team of more than 230,000... ...Citi's Cloud Incident Response (Cloud IR) team seeks a... ...own and strategically lead security incident response... ...proactively address emerging threats across cloud, SaaS,... ...monitoring, threat detection, and response capabilities...Full time
- ...Cyber Security division for an Incident Response Engagement Lead in the United States. S-RM is a global... ...demand than ever. We’re building a team to meet this challenge. We’re quick to... ...Advising strategies for responding to cyber threat actors. Providing crisis management...Immediate startFlexible hours
- A leading restaurant technology provider is seeking a Staff Security Engineer to lead the Security Blue Team. This position involves guiding a team in information protection, overseeing incident detection and response, and implementing security measures across all platforms...Remote job
$115.4k - $192.3k
About the role As an Analytics Team Lead, you will provide technical... ...largest, real‑time fraud detection platform to craft solutions... ...needs and project demand. Responsibilities Lead analytics workstreams... ...fight emerging and dormant threats. Inspire the wider team to do...Local areaImmediate startRemote work- ...Senior Manager for Intelligence, Investigations, and Incident Management. This pivotal role leads the enterprise's capability for threat intelligence and coordinates responses to security incidents. You will need 10+ years of experience in corporate security or related...
$120.19k - $223.21k
## Incident Response Lead - RemoteApplylocations: US-NY-New York-Virtualtime type: Full timeposted... ...to organizations globally. With a team of more than 8,000 experts and over 30 years... ...Leads, who own monitoring operations, detection engineering, alert triage processes, SIEM...Remote jobLocal areaWorldwideVisa sponsorshipFlexible hours$80 - $120 per hour
...organization is seeking a First-Line Supervisor of Police and Detectives for a remote role. This position requires strong professional experience and excellent written communication skills. Responsibilities include creating deliverables and reviewing peer work to enhance...Remote jobHourly payContract work10 hours per week- ...seeking a Senior Security Operations Center (SOC) Analyst to lead investigations and mitigate security incidents. You will engage... ...forensics and incident analysis, enhancing the organization's threat response capabilities. The ideal candidate has a degree in Computer Science...
- Rockstar Games is seeking a Senior Security Engineer to lead efforts in safeguarding information systems at... ...will have over 5 years of experience in incident response and security investigations, skilled in analyzing threats and managing response lifecycles. This full-time...Full time
- The Consulting Solutions is looking for an experienced Product Manager to lead a team focusing on security workflows at Datadog. You will define product strategies, manage roadmaps, and collaborate with engineering, design, and sales teams. The ideal candidate has extensive...
$204k - $240k
Etsy, Inc. is looking for a seasoned security professional in New York to lead incident response initiatives and strengthen detection processes. Candidates should have 9+ years of experience in security roles, particularly in incident response, alongside a firm understanding...- ...is seeking a professional to join their customer-focused team in the United States. In this role, you will enhance herd... ...breeding services while utilizing advanced technologies. Responsibilities include detecting heats in cows, inseminating them, and managing fertility...
$152.7k - $294k
...connected powerhouse of diverse teams and take your career... ...and time-to-value at scale. Responsible for providing strategic direction... ...multiple priorities, leading cross-functional initiatives... ...IaC scanning, DSPM, runtime threat detection, and vulnerability management...Summer holidayLocal areaFlexible hours- ...Position Name: Team Lead Reports to: Client Technology Manager Location/Type: NYC Full... ...growing support department. You will be responsible for a team of Junior Systems Engineers... ...Sophos or similar product for endpoint threat management Basic understanding of virtualization...Full timeWork at office
- ...Role: AI Team Lead Location: NYC, NY Project description We're seeking an... ...biggest financial institutions in USA. Responsibilities ~ Design, develop and deploy ML/... ...: metrics, logging, model drift detection, and alerting. ~ Conduct A/B...
$33 - $35 per hour
...POSITION SUMMARY The Lead Handler will be responsible for overseeing the Handlers... ...search, and trace detection as needed ~ Perform... ...required for assigned Canine Teams ~ Manage, supervise... ...search cargo and identify threats ~ Perform Handler duties...Hourly payContract workLocal areaFlexible hoursNight shiftWeekend work- ...looking for a Customer Support Lead to build and run Fun's end-... ...ll join a lean, high-caliber team with outsized impact on how this... ...its next phase of growth. Responsibilities Support Operations & Team Leadership... ...ticket volume — intent detection, automated classification,...Live inWork from homeMonday to ThursdayShift work
- ...Senior Associate, Security Operations to join its expanding team in New York. This role is pivotal in managing day-to-day security operations and involves coordinating with our managed detection and response provider. The ideal candidate should have over 5 years of experience...
$74.88k - $83.2k
...: Community Philanthropy Manager, Direct Response Location: This role will be remote in the... ...the Marketing, Communications & Content Teams - ensuring alignment with organizational... ...improve donor participation and engagement Leads the project management (through Asana) of...Full timeRemote work- ...and airspace solutions sector. This remote position, which requires travel to Dallas, TX, involves leading a team to manage technical support operations. Responsibilities include overseeing hardware and SaaS support, improving processes, and ensuring high-quality service...Remote job
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Threat Detection & Response - Blue Team Lead. Be the first to apply!
Related searches
- team leader full time New York, NY
- underwriting team lead New York, NY
- team leader mental health New York, NY
- marketing team manager New York, NY
- quality assurance team leader New York, NY
- group home manager New York, NY
- group general manager New York, NY
- executive team lead asset protection New York, NY
- group creative director New York, NY
- worship leader New York, NY

