The Cyber Detection and Response Deputy Team Lead serves as the operational second-in-command of the Cyber Detection and Response Team (DART), bridging the gap between hands-on cyber operations and team leadership. The role supports the Team Lead in the ongoing development, maturation, and delivery of the client's detection and response capabilities, while providing technical leadership and operational oversight across day-to-day security operations.
This position remains actively involved in threat detection, incident response, threat hunting, and detection engineering activities while also assuming supervisory and coordination responsibilities. The Deputy Team Lead acts as the designated escalation point for analysts, leads operational activities during off-hours, and assumes Team Lead responsibilities during periods of absence, ensuring continuous delivery of a high-quality detection and response service.
This role will be a part of a 24/7 team and cover Monday-Friday: 9:00 am-5:00 pm London Time
Requirements
Responsibilities
- Serve as the primary escalation point for Cyber Detection and Response Analysts during assigned shifts and out-of-hours operations.
- Lead and coordinate investigations into high-severity cyber security incidents, ensuring timely containment, remediation, and reporting.
- Oversee the triage and investigation of security events across endpoint, network, cloud, and identity environments.
- Conduct advanced threat hunting activities to identify emerging threats, undetected adversary activity, and gaps in detection coverage.
- Support incident response activities including forensic analysis, root cause determination, remediation planning, and post-incident reviews.
- Collaborate with Security Engineering to improve detection logic, automate workflows, and optimize security tooling.
-
Act as Team Lead during periods of absence, leave, or out-of-hours coverage.
- Review investigation quality, reporting standards, and analyst outputs to ensure consistency and operational excellence.
- Contribute to performance feedback discussions and professional development planning.
-
Support the Team Lead in implementing new detection and response initiatives, technologies, and operational improvements.
- Assist with establishing and refining SOPs, playbooks, escalation frameworks, and response processes.
- Participate in planning activities with Security Engineering and client stakeholders to improve overall security posture.
- Identify opportunities to enhance team effectiveness through automation, workflow optimization, and process improvements.
-
Support the Team Lead in maintaining strong relationships with client security, technology, and business stakeholders.
- Provide operational updates and incident briefings to internal and client stakeholders as required.
- Ensure clear communication and documentation throughout investigations and response activities.
Qualifications
-
7+ years of experience in cybersecurity, with significant experience in incident response, SOC operations, threat hunting, or cyber defense.
- Demonstrated experience mentoring analysts, leading investigations, or serving as a technical lead within a security operations environment.
- Strong hands-on experience with SIEM, EDR/XDR, SOAR, IDS/IPS, log management, and cloud security technologies.
- Experience with platforms such as Splunk, Microsoft Sentinel, CrowdStrike, SentinelOne, Palo Alto, Microsoft Defender, or equivalent technologies.
- Strong understanding of incident response methodologies, digital forensics principles, malware analysis, and threat hunting techniques.
- Working knowledge of the MITRE ATT&CK Framework, NIST Cybersecurity Framework, and incident response best practices.
- Experience supporting operational improvement initiatives, tool implementations, or security program maturity efforts.
- Strong analytical, troubleshooting, and problem-solving skills.
- Ability to communicate technical concepts effectively to both technical and non-technical audiences.
- Experience working within a 24/7 operational environment and participating in on-call or escalation rotations.
- Preferred certifications include CISSP, GCIH, GCIA, GCFA, GSOM, CISM, or equivalent.