Location:
4910 Tiedeman Road - Brooklyn, Ohio 44144
Full Time|2nd Shift (1 PM EST - 10 PM EST, Monday-Friday)
Our Cyber Threat Response team (aka the SOC) rolls up into Key's broader Cyber Defense function within Corporate Information Security. Cyber Defense's mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat-centric defense.
Are you a seasoned cybersecurity professional with a passion for leading from the front lines of cyber defense? We're seeking a dynamic and technically proficient Security Operations Center (SOC) Team Lead to oversee second-shift operations within our Cyber Threat Response team. In this crucial role, you'll lead daily SOC activities, ensuring swift and effective triage of security events and incidents. You'll serve as a technical escalation point, mentor and develop analysts, and foster a high-performance culture rooted in accountability, continuous improvement, and operational excellence. This is an opportunity for a self-driven leader to make a tangible impact in a fast-paced, mission-critical environment.
Key Responsibilities
Lead and support SOC analysts during the second shift, ensuring effective monitoring, triage, containment, and response to security incidents.
Coordinate incident response activities and ensure prompt documentation and resolution.
Maintain and improve shift-specific SOC processes, playbooks, and standard operating procedures.
Produce comprehensive incident reports with root cause analysis, timelines, and recommended corrective actions.
Continuously improve SOC performance by tracking and reporting on key metrics such as mean time to detect (MTTD), mean time to respond (MTTR), and false positive rates. Use data to drive process optimization and analyst efficiency.
Participate in tabletop and purple team exercises.
Conduct proactive threat hunting and analysis to identify emerging threats and vulnerabilities.
Provide detailed shift handover reports and collaborate with other shift leads to ensure operational continuity.
Serve as an escalation point, mentor and develop SOC analysts, raising the technical bar through case reviews, scenario-based training, and real-time guidance during critical events.
Stay current with evolving threat landscapes and recommend improvements to tools, processes, and detection strategies. Understand threats across infrastructure, application, and cloud layers.
Support Incident Response and Detection Engineering development activities.
Provide after-hours support as part of a monthly scheduled on-call rotation.
Contribute to post-incident reviews and lessons learned, helping improve detection logic, containment actions, playbooks, and response strategy over time.
Required Qualifications
Bachelor's in Computer Science, Cybersecurity, or a related field, or equivalent experience.
2+ years in a SOC, Incident Response, or digital forensics role.
Proficient with core security technologies including SIEM platforms, EDR solutions, packet capture tools, and forensic analysis toolkits.
Knowledge of MITRE ATT&CK and D3FEND frameworks, network protocols, malware behavior, and adversary TTPs.
Solid understanding of cloud service providers (AWS, GCP, Azure) and the unique security challenges they present in modern SOC environments.
Deep awareness of evolving cyber threats, with contextual understanding of risks specific to the financial services industry.
Demonstrated ability to perform risk-based analysis and make sound decisions under pressure.
Experience with scripting languages such as Python, PowerShell, Bash, or similar languages.
Proven incident response capabilities, including threat analysis, containment, and root cause diagnosis.
History of identifying and implementing process improvements that enhance SOC efficiency and effectiveness.
Self-starter with strong initiative, capable