Threat Detection & Response - Blue Team Lead
COMPANY OVERVIEW
KKR is a leading global investment firm that offers alternative asset management as well as capital markets and insurance solutions. KKR aims to generate attractive investment returns by following a patient and disciplined investment approach, employing world-class people, and supporting growth in its portfolio companies and communities. KKR sponsors investment funds that invest in private equity, credit and real assets and has strategic partners that manage hedge funds. KKR’s insurance subsidiaries offer retirement, life and reinsurance products under the management of Global Atlantic Financial Group. References to KKR’s investments may include the activities of its sponsored funds and insurance subsidiaries.
KKR's Technology organization is a group of passionate technologists and product managers, unified by a shared mission to deliver exceptional products and solutions that drive value for our stakeholders, clients, and investors. Our passion for technology and innovation fuels our commitment to creating high-quality, impactful solutions that address complex challenges and meet the evolving needs of our sophisticated businesses.
Teamwork is at the core of the organization’s success. We thrive on open collaboration and continuous learning, driving a culture that values diversity of thought and collective achievement. Our global footprint enables us to integrate diverse perspectives into product and solution delivery, resulting in comprehensive, adaptable, and scalable solutions. We optimize for impact, prioritizing and delivering solutions with excellence while remaining agile in response to the evolving needs of our businesses.
We are seeking a Blue Team Lead to serve as KKR’s U.S. Regional Lead and escalation point for complex cyber incidents within the Threat Detection & Response (TD&R) function in our New York or Boston office. This is a senior incident response leadership role combining deep investigative expertise with ownership of incident command, containment strategy, stakeholder communication, and response readiness. This is an in-office position, 5 days per week.
KKR operates in a hybrid environment today; however, our operating model is increasingly cloud-first and identity-first, with growing focus on runtime and SaaS as primary investigative surfaces. This role will help shape how we respond in that future state - partnering closely with our MSSP, internal Computer Incident Response Team (CIRT), and engineering counterparts to drive faster, more consistent outcomes.
You will also be a key operational partner to the TDR SOC Engineer (SOC Engineering, Automation & Agentic Workflows) role. The Blue Team Lead defines the incident response requirements, validates that workflows and automation are usable under pressure, and ensures lessons learned translate into durable improvements across people, process, and technology.
Responsibilities
- 6+ years in Incident Response, Security Operations, or Blue Team roles, including leading high-severity incidents end-to-end.
- Proven ability to serve as an escalation lead and incident commander—calm, decisive leadership in ambiguous, high-pressure situations.
- Strong communication skills: able to translate complex technical details into clear, actionable updates for executives and stakeholders.
- Experience operating in cloud-forward enterprises, including hybrid environments spanning SaaS, cloud-native workloads, and on-prem systems.
- Strong familiarity with identity-centric security models and investigations (federated identity, IAM abuse patterns, token theft, conditional access signals).
- Working knowledge of cloud-native architectures (containers/Kubernetes, serverless, CI/CD) and the investigative/containment challenges they introduce.
- Experience partnering with MSSPs and distributed teams; comfortable operating in a hybrid SOC model (internal + ReliaQuest).
- Familiarity with MITRE ATT&CK and applying it to investigative thinking, readiness planning, and validation priorities.
- Experience designing, using, or validating automated response workflows (SOAR) and promoting safe automation patterns.
- Exposure to AI-assisted SOC/IR tooling, including governance considerations (data handling, audit logging, human approval, evaluation).
- Experience with purple teaming, detection validation, or adversary simulation platforms (e.g., Atomic Red Team, Caldera, Cymulate). (Preferred)
- Ability to influence engineering roadmaps (telemetry, enrichment, workflow improvements) based on operational pain points and incident learnings. (Preferred)
- Incident leader: takes ownership, drives clarity, and brings structure to high-severity response.
- Technically deep and business-aware: understands attacker behavior and business impact equally well.
- Operationally disciplined: strong instincts for repeatability, playbooks, and learning loops.
- Collaborative and influential: can align MSSP + internal teams, and partner effectively with SOC Engineering and platform teams.
- Future-oriented: comfortable modernizing response for cloud-first and AI-enabled operating models.
WHY JOIN US?
This is a pivotal leadership role in a globally scaled Threat Detection & Response function at a leading investment firm. As U.S. Regional Lead, you will shape incident response outcomes for critical enterprise operations and directly influence how KKR modernizes response for a cloud-first, AI-enabled future. You’ll partner with a high-performing MSSP and an engineering-driven TDR team to improve readiness, accelerate containment, and raise the bar on response quality across the organization.
KKR is an equal opportunity employer. Individuals seeking employment are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, or any other category protected by applicable law.
KKR will provide reasonable accommodations as required by applicable federal, state, and/or local laws. Individuals seeking an accommodation for the application or interview process should email Benefits@kkr.com. Emails sent for unrelated issues, such as following up on an application, will not receive a response.
If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access https://www.kkr.com/careers because of your disability. You can request reasonable accommodations by sending an email to Benefits@kkr.com. Only emails left for this purpose will be returned.
Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. This notice applies only to applicants and employees who work or will work in Massachusetts, in accordance with applicable state law.
Listing Details
- Posted: April 13, 2026
- First seen: March 25, 2026
- Last seen: April 13, 2026
Posting Health
- Days active: 18
- Repost count: 0
- Trust Level: 67%
- Scored at: April 13, 2026
