Jobs Companies Control Risks Embedded Cyber Detection and Response Deputy Team Lead

About this Embedded Cyber Detection and Response Deputy Team Lead role at Control Risks

Control Risks · Onsite · London, England, United Kingdom

The Cyber Detection and Response Deputy Team Lead serves as the operational second-in-command of the Cyber Detection and Response Team (DART), bridging the gap between hands-on cyber operations and team leadership. The role supports the Team Lead in the ongoing development, maturation, and delivery of the client's detection and response capabilities, while providing technical leadership and operational oversight across day-to-day security operations.

This position remains actively involved in threat detection, incident response, threat hunting, and detection engineering activities while also assuming supervisory and coordination responsibilities. The Deputy Team Lead acts as the designated escalation point for analysts, leads operational activities during off-hours, and assumes Team Lead responsibilities during periods of absence, ensuring continuous delivery of a high-quality detection and response service.

This role will be a part of a 24/7 team and cover Monday-Friday: 9:00 am-5:00 pm London Time

Requirements

Responsibilities

  • Serve as the primary escalation point for Cyber Detection and Response Analysts during assigned shifts and out-of-hours operations.
  • Lead and coordinate investigations into high-severity cyber security incidents, ensuring timely containment, remediation, and reporting.
  • Oversee the triage and investigation of security events across endpoint, network, cloud, and identity environments.
  • Conduct advanced threat hunting activities to identify emerging threats, undetected adversary activity, and gaps in detection coverage.
  • Support incident response activities including forensic analysis, root cause determination, remediation planning, and post-incident reviews.
  • Collaborate with Security Engineering to improve detection logic, automate workflows, and optimize security tooling.
  • Act as Team Lead during periods of absence, leave, or out-of-hours coverage.
  • Review investigation quality, reporting standards, and analyst outputs to ensure consistency and operational excellence.
  • Contribute to performance feedback discussions and professional development planning.
  • Support the Team Lead in implementing new detection and response initiatives, technologies, and operational improvements.
  • Assist with establishing and refining SOPs, playbooks, escalation frameworks, and response processes.
  • Participate in planning activities with Security Engineering and client stakeholders to improve overall security posture.
  • Identify opportunities to enhance team effectiveness through automation, workflow optimization, and process improvements.
  • Support the Team Lead in maintaining strong relationships with client security, technology, and business stakeholders.
  • Provide operational updates and incident briefings to internal and client stakeholders as required.
  • Ensure clear communication and documentation throughout investigations and response activities.

Qualifications

  • 7+ years of experience in cybersecurity, with significant experience in incident response, SOC operations, threat hunting, or cyber defense.
  • Demonstrated experience mentoring analysts, leading investigations, or serving as a technical lead within a security operations environment.
  • Strong hands-on experience with SIEM, EDR/XDR, SOAR, IDS/IPS, log management, and cloud security technologies.
  • Experience with platforms such as Splunk, Microsoft Sentinel, CrowdStrike, SentinelOne, Palo Alto, Microsoft Defender, or equivalent technologies.
  • Strong understanding of incident response methodologies, digital forensics principles, malware analysis, and threat hunting techniques.
  • Working knowledge of the MITRE ATT&CK Framework, NIST Cybersecurity Framework, and incident response best practices.
  • Experience supporting operational improvement initiatives, tool implementations, or security program maturity efforts.
  • Strong analytical, troubleshooting, and problem-solving skills.
  • Ability to communicate technical concepts effectively to both technical and non-technical audiences.
  • Experience working within a 24/7 operational environment and participating in on-call or escalation rotations.
  • Preferred certifications include CISSP, GCIH, GCIA, GCFA, GSOM, CISM, or equivalent.
Ready to apply to Control Risks?
Apply to Control Risks

About Control Risks

Control Risks is a unique organisation to be a part of. Our ultimate success depends on recruiting and retaining talented people and stimulating their creativity and professionalism. Through our culture and the diverse nature and backgrounds of our employees we create an organisation in which you can be yourself in and can enjoy your work. Control Risks provides real benefit to many of the world’s leading organisations, and you can expect direct responsibility early on in your role, career development and the opportunity to work on some fascinating projects in a rewarding, innovative and inclusive environment.

See all jobs at Control Risks →

Similar jobs

Sign up for suggestions tailored to the jobs you open and the searches you save.

More jobs at Control Risks

See all jobs at Control Risks →

Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get an edge on your job hunt.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free