A leading company in IT Services and IT Consulting is seeking a SOC Manager in Cincinnati, OH. This role involves leadership in cybersecurity operations, focusing on enhancing security technologies, incident response, and team management. Ideal candidates will have extensive experience in cybersecurity and SOC leadership, with strong familiarity in tools and frameworks. Join the team to help protect sensitive data and drive security initiatives.
This range is provided by Belcan. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
$120,000.00/yr - $160,000.00/yr
A SOC Manager job in Cincinnati, OH is currently available at Belcan! This position will be primarily responsible for maintaining and enhancing an operating environment consisting of security technologies. You will collaborate with Tier 1 analysts, senior engineers, and other security team members to investigate escalated incidents, continuously improve visibility, detect and prevent threats, and provide in-depth reporting to protect Belcan Customer IP, Belcan Employee data, and support both IT and Regulatory Initiatives.
Job Duties:
Leadership & Team Management
· Lead a team of SOC analysts (Tier 1-3), incident responders, and threat intelligence personnel.
· Define and enforce team roles, responsibilities, and escalation protocols.
· Manage shift schedules to ensure 24/7 coverage and operational readiness.
· Conduct performance reviews and provide ongoing training, coaching, and mentorship.
Security Monitoring & Incident Response
· Oversee day-to-day monitoring of security alerts across multiple tools (SIEM, EDR, DLP, etc.).
· Lead incident triage, investigation, containment, and recovery processes for security incidents, especially phishing attacks and data exfiltration attempts.
· Maintain and continuously improve the organization's incident response plan (IRP) and playbooks.
· Coordinate post-incident reviews and develop lessons learned and remediation actions.
DLP Program Oversight
· Manage and enhance DLP strategy and tool configurations to protect sensitive data (PII, PCI, IP).
· Oversee alert tuning, policy reviews, and enforcement mechanisms.
· Coordinate with data owners and legal/compliance stakeholders to align DLP rules with regulatory and business requirements.
Phishing Defense
· Supervise phishing detection, analysis, and takedown activities.
· Guide email filtering, threat intelligence enrichment, and response efforts.
· Collaborate with end-user awareness teams to drive education and reporting metrics.
SIEM Management & Health
· Architect and maintain the SIEM environment, ensuring comprehensive log ingestion from critical assets (firewalls, endpoints, servers, cloud, etc.).
· Perform and supervise regular SIEM health checks, including data ingestion validation, parsing accuracy, and correlation rule effectiveness.
· Optimize use cases and implement threat detection rules aligned with the MITRE ATT&CK framework.
· Manage AV/EDR tooling strategy and ensure its effective deployment across the enterprise.
· Review endpoint telemetry to support threat detection, hunting, and response.
· Coordinate with IT and endpoint management teams on policy compliance and remediation efforts.
Access and Permissions Review
· Lead periodic user access and permissions reviews for critical systems and applications.
· Ensure enforcement of least privilege and segregation of duties (SoD) principles.
· Work with IAM and compliance teams to audit and improve account lifecycle management.
Reporting & Metrics
· Develop and deliver actionable SOC KPIs, risk dashboards, and executive reports.
· Track SOC maturity and readiness using frameworks like NIST CSF, MITRE, or CIS.
· Provide input to security posture assessments and continuous improvement initiatives.
Stakeholder Communication
· Serve as a liaison between the SOC and other departments including IT, Compliance, Legal, and Business Units.
· Communicate complex technical issues clearly to non-technical audiences, including executives.
· Participate in internal and external audits, and lead response to regulatory inquiries related to security operations.
Required Qualifications:
· 8+ years of experience in cybersecurity, with at least 3 years in a SOC leadership role.
Deep technical expertise in:
· SIEM architecture (e.g., Splunk, QRadar, Sentinel) and log management.
· Endpoint security and AV/EDR platforms (e.g., CrowdStrike, Microsoft Defender, Carbon Black).
· DLP tools and processes (e.g., Symantec, Forcepoint, Microsoft Purview).
· Incident response tools and methodologies.
· Identity and access reviews and entitlement management.
· Demonstrated experience in SOC metrics development, alert tuning, and threat detection rule engineering.
· Strong understanding of security frameworks and standards (e.g., MITRE ATT&CK, NIST, ISO 27001).
· Familiarity with cloud security monitoring (AWS/GCP/Azure) and hybrid environments.
· Due to the nature of the work performed, US CITIZENSHIP IS A REQUIREMENT!
Preferred Qualifications & Skills:
· Experience with SOAR platforms for automated response and playbook execution.
· Familiarity with Intrusion Detection and Prevention Systems (IDS/IPS).
· Experience with cloud security monitoring (e.g., Azure, AWS).
· Knowledge of identity and access management (IAM) concepts.
· Industry security certifications (GCIH, GCFA, CySA+, CISSP) preferred.
· Understanding of the MITRE ATT&CK framework.
Medical insurance
Vision insurance
401(k)
Paid maternity leave
Paid paternity leave
Tuition assistance