Security Detection Engineer
Confirmed live in the last 24 hours
WPP
Job Description
WPP is the trusted growth partner for the world’s leading brands.
We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.
We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.
For more information, visit WPP.com.
Why we're hiring:
Detection Engineering is responsible for designing, developing, and maintaining high-fidelity detection logic across enterprise security platforms. This role focuses on proactive threat detection, automation-first practices, and continuous improvement of detection coverage and accuracy, supporting the WPP SOC transformation into an Autonomic Security Operations model.
What you'll be doing:
- Develop, test, and maintain detection rules and logic across SIEM, EDR, NDR, and cloud-native platforms.
- Regularly review and enhance detection logic to improve accuracy, reduce noise, and align with evolving threats.
- Work with wider WPP engineering teams to ensure high-quality, normalized telemetry for effective detection.
- Automate detection rule deployment, QA, and version control using scripting and CI/CD pipelines.
Root Cause Analysis (RCA)
- Conduct RCA on missed detections, delayed responses, and high-severity incidents.
- Identify technical and process-level causes of detection failures or inefficiencies.
- Drive corrective actions based on RCA outcomes (e.g., rule improvements, visibility gaps).
- Continuous Security Improvement (CSI)
- Maintain a CSI backlog (detection gaps, telemetry blind spots, false positives to reduce).
- Analyze detection performance metrics to identify trends and opportunities for improvement.
- Align detection priorities with business risk and the SOC transformation roadmap.
- Cross-Team Collaboration
- Collaborate with SOC, Incident Response, and Threat Hunting teams to operationalize detection improvements.
- Work with Threat Intelligence teams to integrate emerging TTPs into detection logic.
- Contribute to purple team exercises by validating detection logic against simulated attack paths.
Strategic Alignment to GCAT SOC10x
- 10X People: Continuous learning and knowledge sharing within the team.
- 10X Process: Embed agile workflows and automation-first principles.
- 10X Technology: Leverage AI/ML for detection tuning and anomaly detectio.
- 10X Visibility: Ensure comprehensive telemetry ingestion and observability.
- 10X Speed: Reduce detection-to-response cycle through orchestration and automation.
What
Similar Jobs
Keeper Security
Senior Detection Engineer (SIEM / Security Observability)
Amazon.com Services LLC
Security Engineer, Threat Detection
Amazon.com Services LLC
Security Engineer, Threat Detection
Ambience Healthcare
Staff Security Engineer, Detection and Response
Grafana Labs
Senior Software Security Engineer, Detection Engineering | UK | Remote
Grafana Labs