Wpp · 25d ago

Security Detection Engineer

India, Chennai, mid
Security, Security Detection Engineer, Cybersecurity

Why we're hiring:

Detection Engineering is responsible for designing, developing, and maintaining high-fidelity detection logic across enterprise security platforms. This role focuses on proactive threat detection, automation-first practices, and continuous improvement of detection coverage and accuracy, supporting the WPP SOC transformation into an Autonomic Security Operations model.

What you'll be doing:

  • Develop, test, and maintain detection rules and logic across SIEM, EDR, NDR, and cloud-native platforms.
  • Regularly review and enhance detection logic to improve accuracy, reduce noise, and align with evolving threats.
  • Work with wider WPP engineering teams to ensure high-quality, normalized telemetry for effective detection.
  • Automate detection rule deployment, QA, and version control using scripting and CI/CD pipelines.
  • Conduct RCA on missed detections, delayed responses, and high-severity incidents.
  • Identify technical and process-level causes of detection failures or inefficiencies.
  • Drive corrective actions based on RCA outcomes (e.g., rule improvements, visibility gaps).
  • Continuous Security Improvement (CSI)
  • Maintain a CSI backlog (detection gaps, telemetry blind spots, false positives to reduce).
  • Analyze detection performance metrics to identify trends and opportunities for improvement.
  • Align detection priorities with business risk and the SOC transformation roadmap.
  • Cross-Team Collaboration
  • Collaborate with SOC, Incident Response, and Threat Hunting teams to operationalize detection improvements.
  • Work with Threat Intelligence teams to integrate emerging TTPs into detection logic.
  • Contribute to purple team exercises by validating detection logic against simulated attack paths.
  • 10X People: Continuous learning and knowledge sharing within the team.
  • 10X Process: Embed agile workflows and automation-first principles.
  • 10X Technology: Leverage AI/ML for detection tuning and anomaly detection.
  • 10X Visibility: Ensure comprehensive telemetry ingestion and observability.
  • 10X Speed: Reduce detection-to-response cycle through orchestration and automation.

What you'll need:

  • Strong knowledge of SIEM, SOAR, EDR, and cloud security platforms.
  • Proficiency in scripting and automation (Python, PowerShell).
  • Familiarity with detection-as-code principles and CI/CD pipelines.
  • Understanding of MITRE ATT&CK framework and threat-informed defense.
  • Ability to work closely with SOC analysts, threat hunters, and engineers.
  • Skilled in documenting detection logic and RCA outcomes.

Nice to Have

  • GIAC GCTI, GCFA, or equivalent advanced security certifications.
  • Automation-first mindset with focus on scalability and resilience.
  • Strong analytical and problem-solving skills.
  • Excellent communication and teamwork capabilities.

Who you are:

What We Offer

Listing Details

Posted: April 1, 2026
First seen: April 1, 2026
Last seen: April 26, 2026

Posting Health

Days active: 25
Repost count: 0
Trust Level: 31%
Scored at: April 26, 2026

Wpp
greenhouse
Employees: 10,000+
Founded: 1985
Domain: wpp.com