Head of Detection Engineering
WPP
Job Description
WPP is the trusted growth partner for the world’s leading brands.
We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.
We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.
For more information, visit WPP.com.
Why we're hiring:
WPP is at the forefront of the marketing and advertising industry's largest transformation. Our Global CIO is leading a significant evolution of our Enterprise Technology capabilities, bringing together over 2,500 technology professionals into an integrated global team. This team will play a crucial role in enabling the ongoing transformation of our agencies and functions.
Imagine shaping the cybersecurity landscape of a global powerhouse. As WPP's next Head of Detection Engineering & Response, you'll command a critical role, leading a global team to fortify our defenses with state-of-the-art detection, rapid incident management, and relentless threat hunting. This pivotal position is your chance to revolutionize our SOC, transitioning it into an Autonomic Security Operations (ASO) model. We're seeking a leader who can deliver an automation-first, intelligence-driven shield, fully aligned with the ambitious GCAT SOC10x principles, and fundamentally change how we protect WPP.
What you'll be doing:
- Design and implement high-fidelity detection logic across SIEM, EDR, NDR, and cloud-native platforms.
- Operationalize detection-as-code practices, including version control, automated testing, and continuous improvement.
- Collaborate with Threat Intelligence and manage Threat Hunting teams to integrate adversary TTPs into detection pipelines.
- Drive automation of alert triage and enrichment through SOAR playbooks.
- Ensure telemetry coverage across endpoints, networks, and cloud environments for comprehensive visibility.
- Own the end-to-end security incident response lifecycle: detection, containment, eradication, recovery, and lessons learned.
- Establish and enforce SOC processes, workflows, and playbooks for efficient incident handling.
- Coordinate with Legal, Privacy, and Risk teams during major incidents to ensure compliance and minimize business impact.
- Lead post-incident reviews and root cause analysis to strengthen detection and response capabilities.
- Develop and execute hypothesis-driven hunts leveraging MITRE ATT&CK and threat intelligence.
- Identify gaps in existing detection coverage and feed findings back into engineering pipelines.
- Use advanced analytics and machine learning models to uncover stealthy or emerging threats.
- Foster a proactive security culture by embedding hunting practices into daily operations.
Strategic Alignment to GCAT SOC10x: