Security Detection Engineer

<div class="content-intro"><p><strong>WPP is the trusted growth partner for the world’s leading brands.&nbsp;</strong></p> <p><strong>We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.&nbsp;</strong><br><strong>&nbsp;</strong><br><strong>We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.</strong><br><strong>&nbsp;</strong><br><strong>Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.&nbsp;</strong><br><strong>&nbsp;</strong><br><strong>For more information, visit <a href="https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwpp.com%2F&amp;data=05%7C02%7CErica.Durr%40wpp.com%7C9bf4566a65bc46a48ac008de749116ea%7C150b5e663d884dee83f6ed149b727a00%7C0%7C0%7C639076363668176216%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=Q9juosud56XGLThSFZ1NpPZd6FXpJPxV74OeRZWoh%2B4%3D&amp;reserved=0" target="_blank">WPP.com.</a></strong><br><strong>&nbsp;</strong></p></div><p><span style="text-decoration: underline;"><strong>Why we're hiring:</strong></span></p> <p>Detection Engineering is responsible for designing, developing, and maintaining high-fidelity detection logic across enterprise security platforms. This role focuses on proactive threat detection, automation-first practices, and continuous improvement of detection coverage and accuracy, supporting the WPP SOC transformation into an Autonomic Security Operations model.</p> <p><span style="text-decoration: underline;"><strong>What you'll be doing:</strong></span></p> <ul> <li>Develop, test, and maintain detection rules and logic across SIEM, EDR, NDR, and cloud-native platforms.</li> <li>&nbsp;Regularly review and enhance detection logic to improve accuracy, reduce noise, and align with evolving threats.</li> <li>Work with wider WPP engineering teams to ensure high-quality, normalized telemetry for effective detection.</li> <li>Automate detection rule deployment, QA, and version control using scripting and CI/CD pipelines.</li> </ul> <p><strong>Root Cause Analysis (RCA)</strong></p> <ul> <li>Conduct RCA on missed detections, delayed responses, and high-severity incidents.</li> <li>&nbsp;Identify technical and process-level causes of detection failures or inefficiencies.</li> <li>Drive corrective actions based on RCA outcomes (e.g., rule improvements, visibility gaps).</li> <li>Continuous Security Improvement (CSI)</li> <li>Maintain a CSI backlog (detection gaps, telemetry blind spots, false positives to reduce).</li> <li>&nbsp;Analyze detection performance metrics to identify trends and opportunities for improvement.</li> <li>Align detection priorities with business risk and the SOC transformation roadmap.</li> <li>Cross-Team Collaboration</li> <li>Collaborate with SOC, Incident Response, and Threat Hunting teams to operationalize detection improvements.</li> <li>&nbsp;Work with Threat Intelligence teams to integrate emerging TTPs into detection logic.</li> <li>Contribute to purple team exercises by validating detection logic against simulated attack paths.</li> </ul> <p><strong>Strategic Alignment to GCAT SOC10x</strong></p> <ul> <li>10X People: Continuous learning and knowledge sharing within the team.</li> <li>10X Process: Embed agile workflows and automation-first principles.</li> <li>10X Technology: Leverage AI/ML for detection tuning and anomaly detectio.</li> <li>10X Visibility: Ensure comprehensive telemetry ingestion and observability.</li> <li>10X Speed: Reduce detection-to-response cycle through orchestration and automation.</li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;"><strong>What you'll need:</strong></span></p> <p>&nbsp;</p> <p><strong>Technical Expertise</strong></p> <ul> <li>Strong knowledge of SIEM, SOAR, EDR, and cloud security platforms.</li> <li>Proficiency in scripting and automation (Python, PowerShell).</li> <li>Familiarity with detection-as-code principles and CI/CD pipelines.</li> <li>Understanding of MITRE ATT&amp;CK framework and threat-informed defense.</li> </ul> <p><strong>Collaboration &amp; Communication</strong></p> <ul> <li>&nbsp;Ability to work closely with SOC analysts, threat hunters, and engineers.</li> <li>Skilled in documenting detection logic and RCA outcomes.</li> </ul> <p><strong>Certifications (Preferred)</strong></p> <ul> <li>GIAC GCTI, GCFA, or equivalent advanced security certifications.</li> </ul> <p><strong>Key Attributes</strong></p> <ul> <li>Automation-first mindset with focus on scalability and resilience.</li> <li>Strong analytical and problem-solving skills.</li> <li>Excellent communication and teamwork capabilities.</li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;"><strong>Who you are:</strong></span></p> <p><strong>You're open<em>:</em> </strong>We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.</p> <p><strong>You're optimistic<em>:</em></strong> <span id="628d56ad5d8a35dab853e65d9daa237c" class="editor-module-hl-green-solid">We believe</span> in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.</p> <p><strong>You're extraordinary:</strong> we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.</p> <p>&nbsp;</p> <p><span style="text-decoration: underline;"><strong>What we'll give you:</strong></span></p> <p><strong>Passionate, inspired people</strong> – We aim to create a culture in which people can do extraordinary work.</p> <p><strong>Scale and opportunity</strong> – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.</p> <p><strong>Challenging and stimulating work</strong> – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?</p> <p><span style="color: rgb(236, 240, 241);">&nbsp;</span></p><div class="content-conclusion"><p><strong>We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.</strong></p> <p><strong>WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.</strong></p> <h4><strong>Please read our Privacy Notice (<a href="https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment">https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment</a>) for more information on how we process the information you provide.</strong></h4></div>