Security Detection Engineer

WPP · Technology & Innovation
📍 Chennai, Tamil Nadu, India

About this role

WPP is the trusted growth partner for the world’s leading brands. 

We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. 
 
We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.
 
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. 
 
For more information, visit WPP.com.
 

Why we're hiring:

Detection Engineering is responsible for designing, developing, and maintaining high-fidelity detection logic across enterprise security platforms. This role focuses on proactive threat detection, automation-first practices, and continuous improvement of detection coverage and accuracy, supporting the WPP SOC transformation into an Autonomic Security Operations model.

What you'll be doing:

  • Develop, test, and maintain detection rules and logic across SIEM, EDR, NDR, and cloud-native platforms.
  • Regularly review and enhance detection logic to improve accuracy, reduce noise, and align with evolving threats.
  • Work with wider WPP engineering teams to ensure high-quality, normalized telemetry for effective detection.
  • Automate detection rule deployment, QA, and version control using scripting and CI/CD pipelines.

Root Cause Analysis (RCA)

  • Conduct RCA on missed detections, delayed responses, and high-severity incidents.
  • Identify technical and process-level causes of detection failures or inefficiencies.
  • Drive corrective actions based on RCA outcomes (e.g., rule improvements, visibility gaps).

Continuous Security Improvement (CSI)

  • Maintain a CSI backlog (detection gaps, telemetry blind spots, false positives to reduce).
  • Analyze detection performance metrics to identify trends and opportunities for improvement.
  • Align detection priorities with business risk and the SOC transformation roadmap.

Cross-Team Collaboration

  • Collaborate with SOC, Incident Response, and Threat Hunting teams to operationalize detection improvements.
  • Work with Threat Intelligence teams to integrate emerging TTPs into detection logic.
  • Contribute to purple team exercises by validating detection logic against simulated attack paths.

Strategic Alignment to GCAT SOC10x

  • 10X People: Continuous learning and knowledge sharing within the team.
  • 10X Process: Embed agile workflows and automation-first principles.
  • 10X Technology: Leverage AI/ML for detection tuning and anomaly detection.
  • 10X Visibility: Ensure comprehensive telemetry ingestion and observability.
  • 10X Speed: Reduce detection-to-response cycle through orchestration and automation.

 

What you'll need:

 

Technical Expertise

  • Strong knowledge of SIEM, SOAR, EDR, and cloud security platforms.
  • Proficiency in scripting and automation (Python, PowerShell).
  • Familiarity with detection-as-code principles and CI/CD pipelines.
  • Understanding of MITRE ATT&CK framework and threat-informed defense.

Collaboration & Communication

  • Ability to work closely with SOC analysts, threat hunters, and engineers.
  • Skilled in documenting detection logic and RCA outcomes.

Certifications (Preferred)

  • GIAC GCTI, GCFA, or equivalent advanced security certifications.

Key Attributes

  • Automation-first mindset with focus on scalability and resilience.
  • Strong analytical and problem-solving skills.
  • Excellent communication and teamwork capabilities.

 

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures for our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: We are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

 

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

 

We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.

WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.

Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.

Frequently Asked Questions

Is the salary disclosed for the Security Detection Engineer position at wpp?
The salary for this Security Detection Engineer role at wpp is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.
Where is the Security Detection Engineer position at wpp located?
This Security Detection Engineer role at wpp is based in Chennai, Tamil Nadu, India. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Which team or department does the Security Detection Engineer at wpp belong to?
This Security Detection Engineer position is part of the Technology & Innovation department at wpp. See the full job description for more information about the team structure and responsibilities.
How do I apply for the Security Detection Engineer position at wpp?
Click the "Apply Now" button on this page. You will be redirected to wpp's official application portal hosted on greenhouse where you can submit your application directly.
When was the Security Detection Engineer job at wpp posted?
This Security Detection Engineer position at wpp was posted on Apr 1, 2026. Apply as soon as possible — early applications are often reviewed first.