Control Risks
Embedded Cyber Detection and Response Deputy Team Lead

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
The Cyber Detection and Response Deputy Team Lead
The Cyber Detection and Response Deputy Team Lead serves as the operational second-in-command of the Cyber Detection and Response Team (DART), bridging the gap between hands-on cyber operations and team leadership. The role supports the Team Lead in the ongoing development, maturation, and delivery of the client's detection and response capabilities, while providing technical leadership and operational oversight across day-to-day security operations.
This position remains actively involved in threat detection, incident response, threat hunting, and detection engineering activities while also assuming supervisory and coordination responsibilities. The Deputy Team Lead acts as the designated escalation point for analysts, leads operational activities during off-hours, and assumes Team Lead responsibilities during periods of absence, ensuring continuous delivery of a high-quality detection and response service.
This role will be a part of a 24/7 team and cover Monday-Friday: 9:00 am-5:00 pm London Time
Responsibilities
- Serve as the primary escalation point for Cyber Detection and Response Analysts during assigned shifts and out-of-hours operations.
- Lead and coordinate investigations into high-severity cyber security incidents, ensuring timely containment, remediation, and reporting.
- Oversee the triage and investigation of security events across endpoint, network, cloud, and identity environments.
- Conduct advanced threat hunting activities to identify emerging threats, undetected adversary activity, and gaps in detection coverage.
- Support incident response activities including forensic analysis, root cause determination, remediation planning, and post-incident reviews.
- Collaborate with Security Engineering to improve detection logic, automate workflows, and optimize security tooling.
- Act as Team Lead during periods of absence, leave, or out-of-hours coverage.
- Review investigation quality, reporting standards, and analyst outputs to ensure consistency and operational excellence.
- Contribute to performance feedback discussions and professional development planning.
- Support the Team Lead in implementing new detection and response initiatives, technologies, and operational improvements.
- Assist with establishing and refining SOPs, playbooks, escalation frameworks, and response processes.
- Participate in planning activities with Security Engineering and client stakeholders to improve overall security posture.
- Identify opportunities to enhance team effectiveness through automation, workflow optimization, and process improvements.
- Support the Team Lead in maintaining strong relationships with client security, technology, and business stakeholders.
- Provide operational updates and incident briefings to internal and client stakeholders as required.
- Ensure clear communication and documentation throughout investigations and response activities.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Qualifications


Get help with your application
Your very own career expert that helps elevate your application to the next level.
- 7+ years of experience in cybersecurity, with significant experience in incident response, SOC operations, threat hunting, or cyber defense.
- Demonstrated experience mentoring analysts, leading investigations, or serving as a technical lead within a security operations environment.
- Strong hands-on experience with SIEM, EDR/XDR, SOAR, IDS/IPS, log management, and cloud security technologies.
- Experience with platforms such as Splunk, Microsoft Sentinel, CrowdStrike, SentinelOne, Palo Alto, Microsoft Defender, or equivalent technologies.
- Strong understanding of incident response methodologies, digital forensics principles, malware analysis, and threat hunting techniques.
- Working knowledge of the MITRE ATT&CK Framework, NIST Cybersecurity Framework, and incident response best practices.
- Experience supporting operational improvement initiatives, tool implementations, or security program maturity efforts.
- Strong analytical, troubleshooting, and problem-solving skills.
- Ability to communicate technical concepts effectively to both technical and non-technical audiences.
- Experience working within a 24/7 operational environment and participating in on-call or escalation rotations.
- Preferred certifications include CISSP, GCIH, GCIA, GCFA, GSOM, CISM, or equivalent.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location