Security Detection Engineer
Why we're hiring:
Detection Engineering is responsible for designing, developing, and maintaining high-fidelity detection logic across enterprise security platforms. This role focuses on proactive threat detection, automation-first practices, and continuous improvement of detection coverage and accuracy, supporting the WPP SOC transformation into an Autonomic Security Operations model.
What you'll be doing:
- Develop, test, and maintain detection rules and logic across SIEM, EDR, NDR, and cloud-native platforms.
- Regularly review and enhance detection logic to improve accuracy, reduce noise, and align with evolving threats.
- Work with wider WPP engineering teams to ensure high-quality, normalized telemetry for effective detection.
- Automate detection rule deployment, QA, and version control using scripting and CI/CD pipelines.
Root Cause Analysis (RCA)
- Conduct RCA on missed detections, delayed responses, and high-severity incidents.
- Identify technical and process-level causes of detection failures or inefficiencies.
- Drive corrective actions based on RCA outcomes (e.g., rule improvements, visibility gaps).
- Continuous Security Improvement (CSI)
- Maintain a CSI backlog (detection gaps, telemetry blind spots, false positives to reduce).
- Analyze detection performance metrics to identify trends and opportunities for improvement.
- Align detection priorities with business risk and the SOC transformation roadmap.
- Cross-Team Collaboration
- Collaborate with SOC, Incident Response, and Threat Hunting teams to operationalize detection improvements.
- Work with Threat Intelligence teams to integrate emerging TTPs into detection logic.
- Contribute to purple team exercises by validating detection logic against simulated attack paths.
Strategic Alignment to GCAT SOC10x
- 10X People: Continuous learning and knowledge sharing within the team.
- 10X Process: Embed agile workflows and automation-first principles.
- 10X Technology: Leverage AI/ML for detection tuning and anomaly detectio.
- 10X Visibility: Ensure comprehensive telemetry ingestion and observability.
- 10X Speed: Reduce detection-to-response cycle through orchestration and automation.
What you'll need:
Technical Expertise
- Strong knowledge of SIEM, SOAR, EDR, and cloud security platforms.
- Proficiency in scripting and automation (Python, PowerShell).
- Familiarity with detection-as-code principles and CI/CD pipelines.
- Understanding of MITRE ATT&CK framework and threat-informed defense.
Collaboration & Communication
- Ability to work closely with SOC analysts, threat hunters, and engineers.
- Skilled in documenting detection logic and RCA outcomes.
Certifications (Preferred)
- GIAC GCTI, GCFA, or equivalent advanced security certifications.
Key Attributes
- Automation-first mindset with focus on scalability and resilience.
- Strong analytical and problem-solving skills.
- Excellent communication and teamwork capabilities.
Who you are:
You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.
You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.
You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.
What we'll give you:
Passionate, inspired people - We aim to create a culture in which people can do extraordinary work.
Scale and opportunity - We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.
Challenging and stimulating work - Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?