Cyber Defense Center Team Lead

  • Brooklyn, OH
  • Posted 2 days ago | Updated 3 hours ago

Overview

On Site
USD 94,000.00 - 175,000.00 per year
Full Time

Skills

Performance Management
Project Management
Preventive Maintenance
Information Security
AIM
Team Leadership
Swift
Accountability
Continuous Improvement
Operational Excellence
Documentation
Standard Operating Procedure
Root Cause Analysis
Reporting
MEAN Stack
Process Optimization
Training
Real-time
Computer Science
Digital Forensics
SIEM
Forensics
D3.js
Network Protocols
Cloud Computing
Amazon Web Services
Google Cloud Platform
Google Cloud
Microsoft Azure
Financial Services
Scripting
Python
Windows PowerShell
Bash
Incident Management
Threat Analysis
ROOT
Process Improvement
System On A Chip
Management
Emerging Technologies
Mentorship
Coaching
FOCUS
Professional Development
Intrusion Detection
GCIA
GCIH
GCFA
Security Operations
Continuous Monitoring
Reverse Engineering
Malware Analysis
Cyber Security
Security+
SEC
CompTIA
Network+
Law

Job Details

Location:
4910 Tiedeman Road - Brooklyn, Ohio 44144

Full Time | 2nd Shift (1 PM EST - 10 PM EST, Monday-Friday)

Our Cyber Threat Response team (aka the SOC) rolls up into Key's broader Cyber Defense function within Corporate Information Security. Cyber Defense's mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat-centric defense.

Are you a seasoned cybersecurity professional with a passion for leading from the front lines of cyber defense? We're seeking a dynamic and technically proficient Security Operations Center (SOC) Team Lead to oversee second-shift operations within our Cyber Threat Response team. In this crucial role, you'll lead daily SOC activities, ensuring swift and effective triage of security events and incidents. You'll serve as a technical escalation point, mentor and develop analysts, and foster a high-performance culture rooted in accountability, continuous improvement, and operational excellence. This is an opportunity for a self-driven leader to make a tangible impact in a fast-paced, mission-critical environment.

Key Responsibilities
  • Lead and support SOC analysts during the second shift, ensuring effective monitoring, triage, containment, and response to security incidents.
  • Coordinate incident response activities and ensure prompt documentation and resolution.
  • Maintain and improve shift-specific SOC processes, playbooks, and standard operating procedures.
  • Produce comprehensive incident reports with root cause analysis, timelines, and recommended corrective actions.
  • Continuously improve SOC performance by tracking and reporting on key metrics such as mean time to detect (MTTD), mean time to respond (MTTR), and false positive rates. Use data to drive process optimization and analyst efficiency.
  • Participate in tabletop and purple team exercises.
  • Conduct proactive threat hunting and analysis to identify emerging threats and vulnerabilities.
  • Provide detailed shift handover reports and collaborate with other shift leads to ensure operational continuity.
  • Serve as an escalation point, mentor and develop SOC analysts, raising the technical bar through case reviews, scenario-based training, and real-time guidance during critical events.
  • Stay current with evolving threat landscapes and recommend improvements to tools, processes, and detection strategies. Understand threats across infrastructure, application, and cloud layers.
  • Support Incident Response and Detection Engineering development activities.
  • Provide after-hours support as part of a monthly scheduled on-call rotation.
  • Contribute to post-incident reviews and lessons learned, helping improve detection logic, containment actions, playbooks, and response strategy over time.

Required Qualifications
  • Bachelor's in Computer Science, Cybersecurity, or related field, or equivalent experience.
  • 2+ years in a SOC, Incident Response, or digital forensics role.
  • Proficient with core security technologies including SIEM platforms, EDR solutions, packet capture tools, and forensic analysis toolkits.
  • Knowledge of MITRE ATT&CK and D3FEND frameworks, network protocols, malware behavior, and adversary TTPs.
  • Solid understanding of cloud service providers (AWS, Google Cloud Platform, Azure) and the unique security challenges they present in modern SOC environments.
  • Deep awareness of evolving cyber threats, with contextual understanding of risks specific to the financial services industry.
  • Demonstrated ability to perform risk-based analysis and make sound decisions under pressure.
  • Experience with scripting languages such as Python, PowerShell, Bash, or similar languages.
  • Proven incident response capabilities, including threat analysis, containment, and root cause diagnosis.
  • History of identifying and implementing process improvements that enhance SOC efficiency and effectiveness.
  • Self-starter with strong initiative, capable of working independently and managing competing priorities.
  • Passionate about continuous learning and staying current with emerging technologies and threat landscapes.
  • Experienced in mentoring and coaching team members, with a focus on technical growth and professional development.

Preferred Certifications
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Security Operations Certified (GSOC)
  • GIAC Continuous Monitoring (GMON)
  • GIAC Reverse Engineering Malware (GREM)
  • CompTIA Cybersecurity Analyst+ (CySA+)
  • CompTIA Security+ (Sec+)
  • CompTIA Network+ (Net+)

COMPENSATION AND BENEFITS
This position is eligible to earn a base salary in the range of $94,000.00 - $175,000.00 annually. Placement within the pay range may differ based upon various factors, including but not limited to skills, experience and geographic location. Compensation for this role also includes eligibility for incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Job Posting Expiration Date: 12/02/2025

KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, pregnancy, disability, veteran status or any other characteristic protected by law.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing