Security Operations Manager Job at Belcan, Cincinnati, OH

  • Belcan
  • Cincinnati, OH

Job Description

A SOC Manager job in Cincinnati, OH is currently available at Belcan! This position will be primarily responsible for maintaining and enhancing an operating environment consisting of security technologies. You will collaborate with Tier 1 analysts, senior engineers, and other security team members to investigate escalated incidents, continuously improve visibility, detect and prevent threats, and provide in-depth reporting to protect Belcan Customer IP, Belcan Employee data, and support both IT and Regulatory Initiatives.

Job Duties:

Leadership & Team Management

· Lead a team of SOC analysts (Tier 1-3), incident responders, and threat intelligence personnel.

· Define and enforce team roles, responsibilities, and escalation protocols.

· Manage shift schedules to ensure 24/7 coverage and operational readiness.

· Conduct performance reviews and provide ongoing training, coaching, and mentorship.

Security Monitoring & Incident Response

· Oversee day-to-day monitoring of security alerts across multiple tools (SIEM, EDR, DLP, etc.).

· Lead incident triage, investigation, containment, and recovery processes for security incidents, especially phishing attacks and data exfiltration attempts.

· Maintain and continuously improve the organization's incident response plan (IRP) and playbooks.

· Coordinate post-incident reviews and develop lessons learned and remediation actions.

DLP Program Oversight

· Manage and enhance DLP strategy and tool configurations to protect sensitive data (PII, PCI, IP).

· Oversee alert tuning, policy reviews, and enforcement mechanisms.

· Coordinate with data owners and legal/compliance stakeholders to align DLP rules with regulatory and business requirements.

Phishing Defense

· Supervise phishing detection, analysis, and takedown activities.

· Guide email filtering, threat intelligence enrichment, and response efforts.

· Collaborate with end-user awareness teams to drive education and reporting metrics.

SIEM Management & Health

· Architect and maintain the SIEM environment, ensuring comprehensive log ingestion from critical assets (firewalls, endpoints, servers, cloud, etc.).

· Perform and supervise regular SIEM health checks, including data ingestion validation, parsing accuracy, and correlation rule effectiveness.

· Optimize use cases and implement threat detection rules aligned with the MITRE ATT&CK framework.

Endpoint Protection Oversight

· Manage AV/EDR tooling strategy and ensure its effective deployment across the enterprise.

· Review endpoint telemetry to support threat detection, hunting, and response.

· Coordinate with IT and endpoint management teams on policy compliance and remediation efforts.

Access and Permissions Review

· Lead periodic user access and permissions reviews for critical systems and applications.

· Ensure enforcement of least privilege and segregation of duties (SoD) principles.

· Work with IAM and compliance teams to audit and improve account lifecycle management.

Reporting & Metrics

· Develop and deliver actionable SOC KPIs, risk dashboards, and executive reports.

· Track SOC maturity and readiness using frameworks like NIST CSF, MITRE, or CIS.

· Provide input to security posture assessments and continuous improvement initiatives.

Stakeholder Communication

· Serve as a liaison between the SOC and other departments including IT, Compliance, Legal, and Business Units.

· Communicate complex technical issues clearly to non-technical audiences, including executives.

· Participate in internal and external audits, and lead response to regulatory inquiries related to security operations.

Required Qualifications:

· 8+ years of experience in cybersecurity, with at least 3 years in a SOC leadership role.

Deep technical expertise in:

· SIEM architecture (e.g., Splunk, QRadar, Sentinel) and log management.

· Endpoint security and AV/EDR platforms (e.g., CrowdStrike, Microsoft Defender, Carbon Black).

· DLP tools and processes (e.g., Symantec, Forcepoint, Microsoft Purview).

· Incident response tools and methodologies.

· Identity and access reviews and entitlement management.

· Demonstrated experience in SOC metrics development, alert tuning, and threat detection rule engineering.

· Strong understanding of security frameworks and standards (e.g., MITRE ATT&CK, NIST, ISO 27001).

· Familiarity with cloud security monitoring (AWS/GCP/Azure) and hybrid environments.

· Due to the nature of the work performed, US CITIZENSHIP IS A REQUIREMENT!

Preferred Qualifications & Skills:

· Experience with SOAR platforms for automated response and playbook execution.

· Familiarity with Intrusion Detection and Prevention Systems (IDS/IPS).

· Experience with cloud security monitoring (e.g., Azure, AWS).

· Knowledge of identity and access management (IAM) concepts.

· Industry security certifications (GCIH, GCFA, CySA+, CISSP) preferred.

· Understanding of the MITRE ATT&CK framework.

Job Tags

Shift work
